back to article Ex-Harrods IT man cleared of stealing company issued laptop

The former Harrods IT worker accused of stealing a laptop from the luxury department store in the UK capital has been cleared of theft – but was fined for trying to remove it from the department store's domain. Pardeep Parmar, of Grove Road, Hitchin, Hertfordshire, previously pleaded guilty to causing a computer to perform a …

Page:

  1. Aqua Marina Silver badge

    A complete waste of time and tax-payers money then.

    The number of people I've had over the years that have wanted me to remove their personal stuff from company owned laptops before they've handed them back. Now because of an over zealous prosecutor, it's established as being illegal. The shop that er, shopped him deserves to be social media shamed. Did they contact the police, or contact Harrods first?

    1. Jason Bloomberg Silver badge

      Now because of an over zealous prosecutor, it's established as being illegal.

      No; the case has simply confirmed that it was already illegal.

      Not sure why you feel we should be naming and shaming those who let the authorities know there has potentially been a crime committed. I think there would be a better argument for that if they were ignoring potential crimes.

      1. Aqua Marina Silver badge

        According to FAST software piracy is a crime. Are you happy for your local IT shop to go scouring through your laptop for unlicenced software so they can report it.

        I'll clarify my point. I asked if the shop called Harrods or if they called the police. I would guess that most likely they called Harrods. If this is what they did, then this is a huge breach of privacy, and also illegal.

        1. Test Man

          But they didn't go scouring through his laptop, they inadvertently encountered proof that it wasn't his laptop to begin with when the big HARRODS logo appeared when they booted up. That, coupled with his request, would have made them suspicious enough. So not illegal.

          It's the same debate with Gary Glitter's laptop - could have been illegal but then again they stated that as part of their diagnostics (i.e. testing to make sure Windows was working again and files could be launched) they came across the dodgy images. There wouldn't have been a high-enough burden of proof to prove that they went further i.e. blatantly scoured through the HDD for things they could find.

          Same with this one.

          1. Mad Mike

            On the face of it, the employee was a bit silly about how he went about things. He should really have asked Harrods to erase the personal data for him (say in his presence), at which point he hands it back. As a data subject, he has the right for it to be deleted unless they can show a valid business reason for keeping it there, which sounds unlikely.

            Given they didn't know he had the laptop, that's a pretty poor state of affairs for Harrods as well. The shop was certainly being somewhat over zealous and actually acting wrongly. They suspected a criminal offence was being committed, which means they should have secured the laptop and contacted the police. That ensures the evidential chain. If they suspected something that wasn't criminal, they could contact Harrods. After all, the police investigate criminal matters and pass files to the DPP, not Harrods.

            You can quite easily ask a shop to perform actions on a laptop that isn't yours (say a company one). There's nothing wrong with that at all. After all, businesses need work done and sometimes local shops can be as good a route as anyone.

            The theft charge simply seems to be an extrapolation of the attempt to access, with the assumption being he wanted to retain use of the laptop and not just delete the personal data. That's one hell of an extrapolation unless there was additional evidence showing motivation. Having just been made redundant isn't evidence of this at all. So, no party really comes out of this well. The employee was somewhat stupid in his actions, Harrods have shown a lamentable grasp on who has their kit and the prosecutor seems to be into knee jerk overreactions.

            Hence, we end up wasting god knows how much time all round (police, DPP, courts etc.) for something really trivial. Guess it's easier than persuing real, personal crime though........

            1. LDS Silver badge

              "You can quite easily ask a shop to perform actions on a laptop that isn't yours"

              Without authorization? Are you kidding? And maybe give 'em the encrypted disk key so they can fix stuff and install you the latest cracked applications?

            2. Doctor Syntax Silver badge

              "He should really have asked Harrods to erase the personal data for him "

              Or he could simply have taken the hard disk out, overwritten the partition with random data, replaced it, restored the OS (I assume there was a recovery partition) and then handed the machine back..

          2. Anonymous Coward
            Anonymous Coward

            Paul Gadd

            If I remember rightly, the employee who found them also got fired as it was not his remit to look at users private files, only to repair the laptop / PC whatever.

        2. Chris King Silver badge

          So, someone comes in off the street with a corporate laptop, and asks you to break in to it for them ? That's a potential case for "handling stolen goods" before you even get to any privacy or computer misuse offences.

          (The device was issued to him by an employer for work purposes, and they subsequently terminated his contract)

        3. Jason Bloomberg Silver badge

          I asked if the shop called Harrods or if they called the police. I would guess that most likely they called Harrods. If this is what they did, then this is a huge breach of privacy, and also illegal.

          If they acted illegally then let's hope they get prosecuted, but there is no evidence presented that they have, nor for your "most likely" claim.

          I think it is actually more likely they called the police, like Cash Converters and their ilk likely would (or should) when someone comes in wanting to exchange 'a mini van's worth of DJ gear' for cash. It's really not worth it for legitimate businesses to be seen as potential fences for stolen goods or facilitating crime.

          But all our company PCs and laptops do have a "please call our number if this ends up in your hands" sticker and pop-ups and I would like to think anyone who came into contact with anything potentially stolen from us would, rather than help some ejit gain access to what's on it.

          I think you would be hard pushed to say that was illegal when the kit itself is telling them to do that.

          When our home working staff have to take kit to a local repair shop they can either take evidence with them or ask the staff to call us up and we'll say it's okay, legitimate. It hasn't happened but, if a repair shop ever did call the police and it led to an investigation, it would be easy to resolve that.

        4. Ian Johnston Silver badge

          "then this is a huge breach of privacy, and also illegal."

          Someone goes into a computer repair place and asks them to get into a computer which displays the logo of a well-known company on startup. The repair places calls the company and says "is this legit"? What "huge breach of privacy" do you think has been committed? What law do you think has been broken?

          A couple of weeks ago I bought an audiobook on eBay. When it arrived, it had a library bar code on it and nothing to say it had been withdrawn. I contacted the library to ask if they wanted it back. Was I committing a huge breach of privacy? Was I breaking the law?

    2. Adam 52 Silver badge

      "Now because of an over zealous prosecutor, it's established as being illegal."

      No it hasn't. Two reasons. First it's Magistrates court and therefore non-precedent setting. Second he pled guilty so no legal arguments were heard let alone settled.

      1. MyffyW Silver badge

        Waste of Money

        I took my partner and our kids for a cup of tea and a sticky bun in Harrods a couple of years ago and it cost 35 quid .... now that was a waste of money.

        1. steviebuk Silver badge

          Re: Waste of Money

          What did you expect, it's Harrods. Of cause it was going to be expensive.

    3. Alan Brown Silver badge

      "The number of people I've had over the years that have wanted me to remove their personal stuff from company owned laptops before they've handed them back"

      Shows how many people are stupid enough to put that information on a computer they don't own in the first place.

      1. Anonymous Coward
        Anonymous Coward

        When I did it, A Ltd. was bought by B Inc. Company X was a customer of A and a competitor of B. X did not want their data getting into the hands of B. B was American and didn't give a stuff about UK data protection laws.

      2. Allan George Dyer Silver badge
        Big Brother

        @Alan Brown - "Shows how many people are stupid enough to put that information on a computer they don't own in the first place."

        We already knew that - haven't you heard of The Cloud?

  2. Mr Dogshit Silver badge
    WTF?

    Eh?

    "it has his National Insurance number on it"

    So friggin' what? As if that's any more secret than his mother's maiden name. Was he concerned Harrods would get hold of his National Insurance number? Cos guess what, they already had it.

    And what kind of "IT worker" can't even figure out how to wipe a hard disk?

    Quite a lot of this story doesn't make sense.

    1. Mephistro Silver badge

      Re: Eh?

      "And what kind of "IT worker" can't even figure out how to wipe a hard disk?"

      A salesperson?

      And regarding "it has his National Insurance number on it", in the same paragraph the article refers to "personal files". Such personal files could include scans of his passport/driving license, list of passwords used in several sites, bank account data, list of favourite porn sites, "naughty pictures" pictures of his wife, "naughty pictures" of his sister in law or any other thing you can think of that could cause him to have his identity stolen, suffer emotional stress, suffer a traumatic divorce or...

      In normal conditions, he could have talked to a friendly Harrods IT guy, asked him to erase or recover the files and fix the issue easily and legally. Unless, of course, the working environment was very "toxic", or the IT support was outsourced to some Third or Second World country where Privacy Protection laws are not all they should be. If any of this was the case, asking the Harrods IT bod would be like walking nude at 3 A.M. in a marginal neighbourhood with a big bullseye painted in the arse*.

      *:Can't end well! 8^)

      1. Hey Nonny Nonny Mouse

        Re: Eh?

        Sorry to be a killjoy but I would place a decent wedge of cash that any use of a company laptop for storing pics of his wife, viewing porn etc. Etc would be against corporate IT policy.

        Nothing a short sharp shock to the hard disk if it had one wouldn't fix.

      2. Doctor Syntax Silver badge

        Re: Eh?

        "In normal conditions, he could have talked to a friendly Harrods IT guy"

        He'd been fired. That opportunity might not have been open to him short of threatening to take it up with the ICO.

      3. Anonymous Coward
        Anonymous Coward

        Re: Eh?

        "And what kind of "IT worker" can't even figure out how to wipe a hard disk?"

        And every company policy on issued phones, laptops or whatever say's

        "any information put on this device becomes subject to the DPA that this company follows"

        In other words, their property as it's on their property

        Simple for us IT people to understand, like a company issued car is not "your car"

    2. Rameses Niblick the Third Kerplunk Kerplunk Whoops Where's My Thribble? Silver badge
      Trollface

      Re: Eh?

      <quote>And what kind of "IT worker" can't even figure out how to wipe a hard disk?</quote>

      The kind which gets fired, clearly!

      1. Mephistro Silver badge
        Coffee/keyboard

        Re: Eh?

        ROFLMAO

    3. macjules Silver badge

      Re: Eh?

      That was my feeling as well. What kind of IT worker:

      1) Stores his personal data on a work laptop?

      2) Has to go to a third party in order to remove said data?

      3) Has 2 company laptops yet returns only 1, with the knowledge of what will entail from that?

      1. Anonymous Coward
        Anonymous Coward

        Re: Eh?

        That was my feeling as well. What kind of IT worker:

        1) Stores his personal data on a work laptop?

        I did at one point. Of course, it was just after our house fire so I didn't have a machine (or place to set it up). But I always had backups.

        These days I'm very thorough about keeping everything separate, even so far as to avoid personal web browsing and such (ephemeral activities that wouldn't require recovering/deleting files) on company kit. Just as I won't do any of their work on my own (sort of having documentation on my tablet for convenience sake).

    4. M. Poolman

      Re: Eh? "it has his National Insurance number on it"

      Erm, I think you'll find that HR and/or payroll very likely know your NI number already (how else does your NI get paid?).

    5. Mark York 3
      Paris Hilton

      Re: Eh?

      The thing I don't get is, as you can log onto any machine using cached credentials if you are not on the domain\connected to the network (& can recall the PW used last time) & this machine was at his home, therefore presumably OFF the corporate network why was he not able to log into it as a IT Tech Guy (or did he just believe his access to it was revoked & didn't bother trying).

      & why no copy of Hirens or DBAN to solve either of his two issues as a IT worker?

  3. Andy france

    IT worker?

    I'm surprised that an "IT worker" took his laptop to a computer shop rather than just booting Linux from a USB drive and accessing the hard drive to remove his personal information.

    1. Anonymous Coward
      Anonymous Coward

      Re: IT worker?

      I'm surprised that an "IT worker" took his laptop to a computer shop rather than just booting Linux from a USB drive and accessing the hard drive to remove his personal information.

      That was *exactly* my first thought, but then I started wondering if Harrods actually did the right thing and used full disk encryption or a boot inhibitor. Given their customer base they should, but let's just say that I deem that less likely than user ineptitude.

      Depending on the age of the laptop it could even have been possible to take the HDD out and hook it up to another machine - all the fun stuff you can no longer do with machines that are glued together and use SSD chips rather than disks.

      However, the correct process is to let that data be extracted by the employer and have it signed off. That's just safer for all involved. As for his NI number, the employer already has that :).

      1. Chris King Silver badge

        Re: IT worker?

        "However, the correct process is to let that data be extracted by the employer and have it signed off. That's just safer for all involved".

        Or even safer, not putting any personal stuff on a work-supplied device in the first place. If you don't control the device, you've no idea where your data could end up, assuming someone doesn't accidentally remote-wipe the kit with a fat-fingered typo.

        1. Hans 1 Silver badge
          Trollface

          Re: IT worker?

          If you don't control the device, you've no idea where your data could end up

          I assume that since the device was running Windows (it was hooked up to the domain), you do not control the device or where the data ends up?

        2. Anonymous Coward
          Anonymous Coward

          Re: IT worker?

          Or even safer, not putting any personal stuff on a work-supplied device in the first place.

          Sure, but depending on the kind of work you do, that machine may be the only link between home and where you work because few people I know will carry along two separate laptops for long. It's not that easy sometimes, which is why I always ensure that personal use is covered and protected in contracts and work instruction.

          The price you pay for that is that it may not be that private because the company controls the device.

        3. MrBanana

          Re: IT worker?

          It's not always possible to separate personal stuff from work. If you get asked to travel abroad by your company then you may have to submit all sorts of personal data regarding you and your family to get a travel visa. Many companies will force you to use a visa processing agency and at some point you will have all that information on your company hard drive. Some people won't care about it at all, some will know how to delete it so it cannot be recovered, some will decide that they need external help to delete it.

    2. Prst. V.Jeltz Silver badge

      Re: IT worker?

      "I'm surprised that an "IT worker" took his laptop to a computer shop rather than just booting Linux from a USB drive and accessing the hard drive to remove his personal information."

      I'm surprised you think that would work as all Laptop hard drives are encrypted now. Well, most . Those whose's I.T. depts are competant , which we dont know thats the case here.

      The best the shop could do was wipe it for him

    3. Marty McFly
      Big Brother

      Re: IT worker?

      Totally explains why he was RIF'd - not too smart.

      Yeah, grab a Ghost image so you can go back later to retrieve any files. Then wipe the disk (not just FDISK). Hand it back completely sanitized.

      At the end of the day physical security is still king. As long as he had physical control of the system he could do what he wanted to it.

      As for an encrypted hard disk.... As long as he didn't put it on a network, the machine has no idea the access was revoked and should have let him in with his existing cached credentials.

  4. LewisRage

    I assume IT Worker here means...

    ...a project manager/business analyst/scrum master who understands fuck all about IT and yet makes the IT decisions.

    Clearly anyone who's used a computer for more than Excel and Project and actually works in IT would have just wiped the HD from a live CD if they were genuinely worried about the stored data, or swapped in a fresh SSD if they just wanted to steal the thing.

    1. Joe Werner

      Re: I assume IT Worker here means...

      Boot from a CD? Right. Because work laptops totally allow this if the IT department is not made up by a bunch of imbeciles...

    2. Chris King Silver badge
      Coat

      Re: I assume IT Worker here means...

      "...a project manager/business analyst/scrum master"

      Or as one colleague once said of another "So you said she's a Scrum Five or something ?"

    3. LDS Silver badge

      Re: I assume IT Worker here means...

      That's why in some environments you're no longer allowed to touch your PC before even knowing you were fired...

  5. Anonymous Coward
    Anonymous Coward

    What a pillock.

  6. Duffaboy
    FAIL

    Why

    Does anyone keep personal stuff on a work Laptop

    1. John 110

      Re: Why

      Because it doesn't matter how often you tell people that it's a work laptop, they still think it's theirs, just like my work desktop is "mine".

      Generally though, people think that they're going to have time to clear it down before they have to hand it back.

      They're not always right...

      1. Anonymous Coward
        Anonymous Coward

        Re: Why

        Generally though, people think that they're going to have time to clear it down before they have to hand it back.

        They're not always right...

        Years before full-disk encryption was a thing (or even HDD passwords) I had set up my work machine (DR-DOS & MSWin 3.11) with a boot password, so when I inevitably left that shithole, no one would be able to access the drive. Yeah, years later I found it was simple to circumvent, but none of the dimwits there would have been able to do it even if the information had been available.

  7. Wolfclaw Silver badge

    The illegal part was trying to access the laptop, when obviously his network access was removed.

    Theft charge was a dodgy one, as they would have to prove he had no entention of returning the laptop at any time.

    He should have returned it to Harrods IT and just nicely ask if somebody could login and then delete his personal information, save it to a USB or email it.

    1. Aqua Marina Silver badge

      I've found over the years that when someone is in the process of being fired, asking nicely gets completely ignored and laptops are examined with a fine tooth comb over for evidence of anything that will support the firing.

      I think all this will change with the introduction of the GDPR laws next year where privacy trumps everything. A user returning a laptop should also in writing inform the company that the laptop contains personal information, and that by denying him the access to remove the data, they have become the defacto guardian of said data and have a legal responsibility to treat it in complete confidence. Going further to that if my reading of the law is correct, he could further insist that they delete, and provide evidence of the deletion of such data. And they would have to comply.

      1. Anonymous Coward
        Anonymous Coward

        I think all this will change with the introduction of the GDPR laws next year where privacy trumps everything.

        I don't think that will make a difference. It has already been long established that an employee has no right on privacy on a company resource if (and only if) he has been notified of that at the time of joining and it's in the contract of employment. Companies who do NOT explicitly stipulate this up front must be very careful, because then the member of staff is indeed entitled to the privacy of their information, even though they use a corporate laptop.

        That battle was fought and decided a long time ago in a manner I actually find quite reasonable.

        1. Anonymous Coward
          Anonymous Coward

          I am afraid you are wrong. Post 25/5/18 the company will have to treat the data securely and the employee will be able to contact his employer and ask for ALL personally identifiable data (which include NI numbers) that they hold about him, hard and soft copy, and then ask for proof that all of this information be deleted shd he request this course of action. And they have 30 days to comply.

          1. graeme leggett Silver badge

            The company will not have to delete any information that they are required to keep by law.

            So records of the hypothetical employee's pay and national insurance including the NI number, employee roll number will all be retained for quite a while longer than 30 days

          2. barbara.hudson

            Prove it? How?

            Just how is anyone supposed to prove that they've deleted the data off of said laptop, short of mailing it back to him and letting him browse through it after fixing it so he can log onto it without accessing the company network?

            Or inviting him in to delete it himself (a sticky and potentially unpleasant situation for all involved when dealing with a fired employee)?

            Others have pointed out that the company already has his personal information, but that's irrelevant. The laptop will probably be re-assigned to someone who won't have the right to that information, and it's not like every company re-images every computer before handing it out to the next user.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019