The recent conviction of Mark Lloyd brings a clear warning to departing employees - taking customer lists to your new job could land you with a criminal record. Mr Lloyd emailed the details of 957 of his employer's customers to his personal email address before starting a role with a rival company. The documents contained personal information including the contact details of clients, as well as purchase history and commercially sensitive information. Sound familiar?

Managing the insider threat is a common security concern for most businesses. It has been an issue for decades and is nothing new, but this recent enforcement action taken by the Information Commissioner's Office is a sign that the UK regulator is flexing its muscles and getting tough.

In May 2016, Mr Lloyd pleaded guilty to unlawfully obtaining personal data under section 55 of the Data Protection Act 1998. His punishment may be modest in financial terms (a £300 fine and some costs), but he now has a criminal record, which is likely to have major implications for his life and his ability to find new work.

This is a step in the right direction when it comes to tackling data theft. Employers have always been able to obtain injunctions in the civil courts to get back confidential data and to protect customer relationships. However, this adds another string to their bow. The message sent by the ICO in this case acts as an effective deterrent to those who might be contemplating stealing work product and customer lists before they leave. We now know that reporting an incident of this nature to the ICO may no longer go unanswered.