In April 2010, the Information Commissioner will be given the power to fine organisations up to £500,000 for serious breaches of the Data Protection Act 1998. This will be a substantial addition to his arsenal and means the UK will move from one of the least robust enforcement regimes in Europe to one of the strongest.
Half a million reasons to take data protection seriously
It is likely that most monetary penalty notices will be issued for security breaches. The Information Commissioner took vigorous action against security breaches in 2009 (issuing 44 undertakings) and the Guidance is peppered with references to security breaches and states that a single breach can trigger a penalty. Security breaches are also likely to satisfy the three threshold criteria for such a notice; a serious contravention, likely to cause substantial damage or distress, that is deliberate or reckless.
|
|
