Increased penalties for data protection breaches

Organisations could face fines of up to £500,000 if found guilty of serious data protection breaches, according to new Government rules set to be enforced this year.

Public sector, voluntary and private organisations have been warned by the Information Commissioner’s Office (ICO) that new statutory guidance will severely punish data protection breaches, starting from 6 April.

The new regulations, which have been approved by Justice Secretary Jack Straw, will determine the size of financial penalties based on an investigation into the severity and extent of an organisation’s breach, as well as its size and finances at that time, and the deliberate or accidental nature of the incident.

With more and more consumers using the internet to input credit card details and other private information, the ICO believes it is important for businesses to recognise the consequences of poor data protection systems.

“These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act,” said Information Commissioner, Christopher Graham.

“I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.”

The original Data Protection Act was introduced in 1984. The most recent Act, of 1998, specifies that data can only be used for the purposes for which it is collected and cannot be given to others without the consent of the individual.

But, with the internet now bulging at the seams with personal information, the ICO’s new initiative will look at giving much-needed modernisation and increased protection to the British public.

“Organisations need to take the data protection rules seriously to avoid these large fines, which add major weight to the UK laws. Data security both in terms of how data is stored, transported and protected (e.g. from hackers) will be key to avoiding these big fines,” commented Tracey Dickens, Birkett Long’s Data Protection Officer and Head of the Commercial and Corporate Finance Team.

The contents of this article are intended for general information purposes only and shall not be deemed to be, or constitute, legal advice. We cannot accept responsibility for any loss as a result of acts or omissions taken in respect of this article.