Articles
First Fines Issued for Data Protection Breaches
The Information Commissioner now has the power to fine businesses up to £500,000 for serious breaches of the Data Protection Act. Fines will be made when, in the opinion of the Information Commissioner, the breach is likely to cause damage or distress to the individual whose confidentially has been breached.
Hertfordshire County Council has been ordered to pay £100,000 fine for accidentally faxing highly sensitive personal information to the wrong recipients. The faxes were sent by the Council's childcare litigation unit and were meant to be sent to a Barrister acting on behalf of the Council. Instead, the information was sent to a member of the public.
In a similar case, an employment agency has been fined £60,000 for losing an unencrypted laptop which contained personal data on 24,000 clients of the Community Legal Advice Centres in Hull and Leicester. The agency had apparently given the laptop to an employee so that that employee could work from home and it was then stolen. An unsuccessful attempt was made to access the information stored on the laptop by the thief. The fact that the thief had been unable to access the information did not prevent the Information Commissioner from issuing the fine. Neither did the fact that in both cases, Hertfordshire County Council and the employment agency had both voluntarily notified the Information Commissioner of the breaches.
These fines re-enforce the important of companies ensuring that they have proper procedures and safeguards in place when dealing with sensitive personal data.
For more information on the above or for advice on any other employment issue please contact our employment department on 020 7354 3000 or e-mail employment@colmancoyle.com
Author Profile: David Malamatenios
Date published: 13th January 2011