Data breaches to incur up to £500,000 penalty
As from the 6 April 2010 the Information Commissioner’s Office (ICO) will have new powers at its fingertips to allow them to issue a monetary penalty notice to organisations of up to £500,000.
Such extreme penalties are intended to deal with serious contraventions of the Data Protection Act and are designed to be a sanction and deterrent against data controllers who deliberately or negligently disregard the law. When serving such a penalty, the ICO will consider the seriousness of the breach, the likelihood of substantial damage and distress caused to the data subjects, whether the breach was negligent or deliberate and what reasonable steps the data controller has taken to prevent breaches.
At the same time there may be wide variations in the amount of the monetary penalty depending on the circumstances of each case. Minor contraventions may be subject to other enforcement procedures. Contributory factors such as the sector, the size, financial and other resources available to the data controller will be considered by the ICO in deciding the amount of any penalty to be imposed.
See further ICO press release.
For more information on breaches of the Data Protection Act, please contact
Christine Jackson.
