Organisations must destroy their confidential data securely or face heavy fines

(21/01/2010)

Jack Straw, the secretary of state for justice, recently ruled that The Information Commissioner’s Office (ICO) has the power to enforce hefty fines to organisations who seriously breach the Data Protection Act by failing to secure confidential data appropriately. Confidential data breaches committed by businesses could now result in a £500,000 fine.

If threatened with a penalty the Information Commissioner will take a business’s turnover, sector, size and the data breach into account before considering a fine. This will be determined by:
· Carefully considering the circumstances, including the seriousness of the data breach
· The likelihood of substantial damage and distress to individuals
· Whether the breach was deliberate or negligent and what reasonable steps the organisation has taken to prevent breaches

Jim Watson, managing director of Shred Easy, said: “These heavy fines are a warning to all organisations to destroy their confidential data securely. Every day the media is full of stories about how either government, the public sector or business workers have let confidential data escape into the public domain causing anything from fraud and theft to embezzlement.”

The power to impose these substantially increased monetary penalty notices is designed to deal with serious breaches of the Data Protection Act and is part of the ICO’s overall regulatory toolkit which includes the power to serve an enforcement notice and the power to prosecute those involved in the unlawful trade of confidential personal data.

Related topics:  Data management and data security   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources