On November 24 2010 the Information Commissioner’s Office (ICO) issued its first monetary penalties against Hertfordshire County Council and the employment services company A4e for serious breaches of data protection.
The first penalty, of £100,000, was issued to Hertfordshire County Council for two serious incidents where council employees faxed highly sensitive personal information to the wrong recipients. The second monetary penalty, of £60,000, was issued to employment services company A4e for the loss of an unencrypted laptop which contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester. A number of similar cases are currently under investigation and further such penalties may result.
The move follows the ICO being handed new powers on 6 April 2010 to issue monetary penalty notices, requiring organisations to pay up to £500,000 for serious breaches of the Data Protection Act. The ICO expect to impose 25 Monetary Penalty Notices, each of up to £500k, per annum. Organisations that fail to take reasonable measures that they ought to have taken to comply with the DPA will be in the firing line.
Buy this Complete Data Protection toolkit today to ensure that your organisation can avoid fines and brand damage. This complete DPA toolkit contains everything you need to do it yourself!