This article was published in Info4Security
The Government has launched a consultation seeking views on implementing a maximum penalty of £500,000 for serious breaches of the data protection principles.
The consultation, entitled ‘Civil Monetary Penalties: setting the maximum penalty', asks whether new fines will provide the Information Commissioner's Office (ICO) with a proportionate sanction to impose on those seriously contravening the data protection principles.
Justice Minister Michael Wills has stated: "The Government is committed to ensuring that personal data is handled and processed responsibly and lawfully. We want to ensure that the Information Commissioner's Office has the powers it needs at its disposal, and is able to impose robust penalties on those who commit serious breaches of data protection principles."
Following discussions with the ICO, the Government proposes that a fixed maximum penalty will afford the former the necessary flexibility and discretion to deal effectively with a large number and range of data controllers.
These proposals have been welcomed and praised by Shred-it, one of the UK's leading document destruction companies, as "a step forward for UK data security practices".
Improvement to data security
Currently, the ICO has the power to fine organisations up to £5,000 for serious breaches of the Data Protection Act, but these new measures are expected to act as an effective deterrent to improve data security within the UK economy.
Robert Guice, the executive vice-president of Shred-it, said: "With fraud on the rise amid the ongoing recession, data security is now more important than ever for UK businesses looking to protect their financial standing and corporate reputation. The potential costs of a data security breach could run into millions of pounds, leading to dented credit ratings, angry or lost customers and irreparable damage to client trust."
Guice added: "These new measures from the Ministry of Justice are a positive step forward for UK data security standards, and reflect the serious impact that improper data and document management can have on business stability for the economy as a whole."
Vigilance required on document management procedures
According to Shred-it, to avoid falling victim to data fraud, UK businesses need to be extremely vigilant at all times about their document management procedures, focusing not only on confidential information stored electronically, but also paper-based documentation.
Guice continued: "Although the electronic transfer and exchange of confidential information is now an everyday occurrence, the printing of documents is still standard practice in most workplaces."
"For the majority of businesses, firewalls are considered a must-have tool to safeguard sensitive electronic data, but the information contained in printed documents is often easier to access than the originals saved on a computer, representing a significant risk to business security if they ever fall into the wrong hands."
Invoices, company reports, payroll information, customer lists and even complaints are all highly confidential, and therefore need to be securely destroyed, but are all-too-often simply thrown in the bin by employees who do not realise their importance.
In conclusion, Guice stressed: "Implementing a secure document destruction programme is the safest way to ensure all of your sensitive corporate information is completely destroyed, as a means of avoiding this type of data security breach, and of course the fines which may result."