May 16 2008

Data protection gets tough

The Information commissioner has just been given new powers to impose “substantial” fines on anyone who breaches the Data Protection Act

The Information Commissioner’s Office (ICO) has finally got teeth after nine years of just being able to admonish with strongly worded missives. So will this be the start of a clamp-down? It certainly sounds like it if you read the comments from Deputy Information Commissioner, David Smith (see below). The only doubt seems to be; who will be the first? and just how much “substantial” is? If the recent Ofcom fines are anything to go by then we could be seeing companies fined millions.

The ICO has repeatedly called for more effective sanctions against organisations that fail to live up to their responsibilities under the Data Protection Act introduced in 1998 and toothless until now. The Criminal Justice and Immigration Act has finally received Royal Assent creating some “real” powers for the ICO. The new legislation gives the ICO the power to impose substantial fines on organisations that deliberately or recklessly commit serious breaches of the Data Protection Act.

David Smith, Deputy Information Commissioner said: “This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information. The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously.

“This new power will enable some of the worst breaches of the Data Protection Act to be punished. By demonstrating that the law is being taken seriously tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly.

“The fact that strengthening the Data Protection Act has cross party support demonstrates the growing consensus on importance of effective data protection.”

Last year the Information Commissioner called on UK chief executives to take the security of employees’ and customers’ personal information more seriously following a number of ‘unacceptable’ security breaches. This year he will be doing more than just warning, and if this doesn’t work Smith has hinted that he’d like to add prison as well as fines.

by Marcus Austin (Web Editor)