Big Fines for Data Breaches
A Carlisle solicitor is warning organisations in the public and private sector to take extra care with personal data after the authority set up to uphold our information rights used its powers to impose fines for the first time.
The Information Commissioner’s Office (ICO) was given the power to issue fines for serious data breaches in April 2010 and has now applied that power with gusto in issuing two weighty fines of £100,000 and £60,000 to a local authority and to a private limited company respectively.
Now Caroline Redhead, an Associate Solicitor at Burnetts in Carlisle, Newcastle and Whitehaven, is advising organisations to urgently review their data protection measures. In particular, she is warning organisations to avoid sending personal data by fax without putting in place the security measures which the ICO has recommended and also to ensure that data on laptops is encrypted.
Hertfordshire County Council was one of the organisations fined: on two separate occasions, its Childcare Litigation Unit faxed highly sensitive personal information to the wrong recipients. The first fax related to an ongoing child sexual abuse case and the second related to three children who were the subject of care proceedings and included personal information relating to 18 individuals, including the criminal convictions of two of them.
Sheffield-based A4E Limited was fined following the theft of an employee’s laptop during the course of a burglary at her home. The private limited company is contracted by the Legal Services Commission to operate Community Legal Advice Centres and has other contracts with public sector organisations. The laptop was not encrypted, although it contained personal and sensitive data relating to 24,000 clients.
Caroline said, “The Information Commissioner is sending out a strong message to all organisations handling personal information and it is essential to take note of his willingness to impose these very serious fines, especially if you are handling sensitive data, the loss of which could cause substantial damage and distress. Organisations should take time to review their data processing activities and any measures against accidental loss of personal data.”
Caroline has written an advisory note for organisations which details the ICO’s latest recommendations on compliance with the Data Protection Act. A copy of this guidance is available here or by contacting Caroline on 01228 552222 or at firstname.lastname@example.org
Published: Tuesday 21st December 2010
Categorised: Corporate Law