Data Protection Fines Imposed

With effect from 6th April 2010, the Information Commissioner has had the power to impose fines for breaches of the Data Protection Act 1998 up to £500,000.

The Commissioner has just announced the first fines to be imposed under the new power. In the first case, Hertfordshire County Council was fined £100,000 for two serious incidents where council employees faxed highly sensitive personal information to the wrong recipients. The first incident involved a child sex abuse that was before the courts, whilst the second involved details of care proceedings. In the second case A4e, an employment services company, was fined £60,000 for the loss of an unencrypted laptop containing personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester. The information included full names, dates of birth, postcodes, employment status, income level, information about alleged criminal activity and whether an individual had been a victim of violence.

Both these cases clearly involved what were serious breaches of the Data Protection Act involving highly sensitive personal data. However, they serve as a timely reminder to all organisations handling personal data that they must take their responsibilities under the Act seriously. If you get it wrong you may not only do substantial harm to individuals and the reputation of your business. You could also incur a substantial financial penalty.

If you would like to know more, please contact Nick Crook or David Dees.

Filed: 25/11/2010 16:03:09