ICO Powers Anniversary accompanied by new warning. £310,000 handed out in fines to local government. Risk of fines for losing personal data never higher
London, 5 April 2011; One year on from the introduction of enhanced powers for theInformation Commissioner’s Office (ICO), information destruction company Shred-itwarns that all organisations must ensure the safety of personal information.
Since the new powers were given to the ICO on April 6 2010, just four prosecutionshave been made and all have been for data breaches from councils in England.Finestotalling over £300,000 have been levied as a result.
Robert Guice, Executive Vice President, Shred-it UK, said: "The quantity and frequencyof these fines shows that the ICO is starting to use its enhanced powers that allowsit to fine those responsible for a data breach up to £500,000, depending onthe severity of the breach"
"These fines illustrate that organisations either do not have the correct policiesin place to handle data of a sensitive nature, or that they are not aware of theconsequences of breaching the Data Protection Act"
The ICO issued its first fines in November last year to a county council which thatfaxed details of a child sex abuse case to a member of the public. Seen as a veryserious breach the council was fined £100,000. In the same month, a companyinformation provider was fined £60,000 for losing an unencrypted laptop containingthe personal details of 24,000 people who had used community legal advice centresin Hull and Leicester.
The second tranche of fines were issues to two local authorities in London who werefound guilty of losing the details of over 1,700 people and were issued penaltiestotalling £150,000.
In March this year, two estate agents have received far lesser fines for self-reportingtheir data breaches to the regulators, indicating that the ICO is encouraging organisationsto come forward and report breaches rather than hoping they will go undiscovered.A further two public bodies currently under investigation by the ICO.
Electronic databases are not exempt either as a leading university admitted to abreach leaving the personal details of 148 students available to anyone who couldaccess the internet.
Robert Guice continued: "The value of data is now easily quantifiable making itmore appealing to fraudsters. Organisations who cannot afford to have a sole employeededicated to document management must be aware of these potential threats as theycan be seen as an easy target.
"It is up to businesses to implement a document management storage and destructionpolicy that complies with the necessary regulation and is understood by all employees.This will limit the potential of a data breach and an investigation by the ICO"