The recent news that Business Secretary Vince Cable could face a fine of up to £500,000 if he is found to have breached the Data Protection Act highlights the importance of all businesses ensuring that personal data is kept securely.
In Mr Cable’s case, unshredded paperwork containing personal details of his constituents was found dumped in transparent recycling bags outside his constituency office over a nine-month period.
All organisations holding or using personal data are required to comply with the Data Protection Act 1998. Two of its key requirements are to use personal data fairly and lawfully (i.e. organisations must make sure that individuals understand how their personal data will be used) and to keep personal data secure.
Breach of the Act could result in a fine of up to £500,000 by the Information Commissioner’s Office (ICO). Examples of some of the fines imposed by the ICO since it acquired its punitive powers last year include:
- Hertfordshire County Council was fined £100,000 for two serious incidents after council employees faxed highly sensitive personal information to the wrong recipients;
- Employment services company A4e was hit with a £60,000 penalty for the loss of an unencrypted laptop which contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester;
- The owner of former solicitors firm ACS Law suffered a £1,000 fine for failing to keep sensitive personal information relating to around 6,000 people secure – although the ICO confirmed that the fine would have been £200,000 were it not for the fact that ACS Law had ceased trading; and
- Surrey County Council was fined £120,000 after sensitive personal information was emailed to the wrong recipients on three separate occasions.
Given the possible consequences, it is clearly important that businesses take their data protection obligations seriously. For further advice please contact us at firstname.lastname@example.org