A FORMER council leisure centre boss secretly gathered confidential computer records with personal and medical details of nearly 2,500 clients for his own use, a court heard.

Now Paul Hedges has been ordered to pay £4,391, after being found guilty of two counts of illegally obtaining personal data without the consent of former bosses at Southampton City Council.

Southampton Magistrates’ Court heard how Hedges, 42, of Manor Farm Road, Bitterne, carried out the offences after learning he would be made redundant from his role as a community health manager at Bitterne Leisure Centre in December 2010.

The authority was axing its Active Options service where Hedges carried out fitness assessments and planned exercise routines for people with obesity, diabetes and mild mental health problems, who were referred by GPs.

But on his last day at work on April 28, 2011, he sent two emails from his office computer to his home email containing names, addresses and medical records of 2,471 service users.

Barrister James Harrison told the court how Hedges and a colleague had arranged with the council to set up his own company under the Active Options name with the same logo and telephone number.

But sports and storage manager Alison Baker said he had not asked permission to use the data telling the court it was a “clear breach” of information policies.

A month later medical experts suspected Hedges was contacting former clients and although he denied the accusations, they launched an investigation.

In court Hedges admitted he sent the emails – which included details such as ethnicity, height, weight, blood pressure and peak flow readings – but denied contacting anyone.

He said he gathered the information in the “public interest” rather than for personal or company gain, claiming his new company offered a different fitness service and added: “If people had come back I would have the data there to make sure they exercised safely.”

He said he was “too busy” in his final weeks to formally request data from the council. Mr Harrison asked him why he could not have asked the council for individual patient data at a later date when it was needed, rather than storing thousands of records on his unsecured computer at home. But Hedges said: “I thought the data would have gone.”

Magistrate Mrs Vidal stressed the court was unable to prove whether he obtained the records for business gain, but said: “The sheer volume and highly sensitive nature of this information had the potential for great harm to be done to these people.

“It was transferred to an unsecured email and done indiscriminately without considering who you were taking. If something could have come of this you could have been looking at far greater problems than this.”

She added: “The Data Protection Act is there to protect data and you should reflect on what has happened and what could have happened.” Hedges was fined £1,500 for each breach, £1,376 costs, and a £15 victim surcharge.