Author Chris Cook

Date 8 February 2010

The Information Commissioner’s Office (ICO) has introduced legislation which from April 2010 enables it to fine organisations up to £500,000 for serious breaches of the Data Protection Act. Only the most serious breaches will result in a fine of this level being imposed: for example, breaches which are likely to cause substantial damage or distress and which involve an element of either knowingly or recklessly breaching the provisions of the Data Protection Act.

The ICO will take a number of factors into account in deciding the level of penalty to impose. These are set out in its guidelines but are broadly as follows:

  • The seriousness of the breach;
  • The likelihood of damage resulting from that breach;
  • Whether there was a degree of negligence or wilful breach of the Data Protection Act;
  • The steps that the organisation has taken in order to safeguard the data that was subject to the breach; and
  • The size and resources of the organisation.

Whilst the old rules allowing the ICO to take enforcement action against organisations had limited effect, the new legislation clearly has more “teeth”, enabling the ICO to take stronger action against organisations, potentially within a shorter timescale.

There are also separate consultations presently being run by the Government as to whether jail terms can be imposed on people unlawfully trading personal data.

It is clear that Data Protection legislation is no longer something which organisations should ignore, particularly in light of the new severe financial penalty that can now be imposed.

If you have any queries with regard to Data Protection compliance, please contact Chris Cook on 01727 798017 or by email at chris.cook@salaw.com. If you are interested in attending a Data Protection training course due to take place on Thursday, 25 February 2010, please click here.

© SA Law 2010
Every care is taken in the preparation of our articles. However, no responsibility is accepted as being owed to any person or organisation who acts on the basis of information contained in them. You should obtain specific advice in respect of individual cases.