Sales
0161 215 3700
0800 458 4545
Support
0800 230 0032
0161 215 3711

First Fines Issued Over Data Protection Breaches

First Fines Issued Over Data Protection Breaches

The Information Commissioner's Office has finally issued its first monetary penalties six months after being given the power to issue fines for data breaches.

The data protection watchdog, which has come under fire for its failure to act in earlier cases, such as the Google Street View breach, got tough in issuing two fines totalling £160,000.

The first culprit handed a fine was Hertfordshire County Council, which was punished for twice sending faxes containing child abuse case details to the wrong recipients.

But the ICO finally seemed to have met the computer-based data threat head on when it fined employment services company A4e £60,000 for losing an unencrypted laptop.

According to the ICO, the notebook contained the personal details of 24,000 people that had used legal advice centres in Hull and Leicester.

"These first monetary penalties send a strong message to all organisations handling personal information," information commissioner Christopher Graham said in a statement. "Get it wrong and you do substantial harm to individuals and the reputation of your business."

Both breaches occurred back in June, shortly after the watchdog was given the power to issue penalties of up to £500,000.

The A4e case stemmed from the company issuing an employee with an unencrypted laptop, which was later stolen from the staff member's house.

The notebook contained personal information - including full names, dates of birth, postcodes, employment status, income level, alleged criminal activity and whether individuals had been victims of violence - of 24,000 people.

According to the ICO, the thieves tried unsuccessfully to access data shortly after stealing the laptop and the £60,000 fine reflected the "substantial distress" that could have been caused by the loss.

"A4e did not take reasonable steps to avoid the loss of the data when it issued the employee with an unencrypted laptop, despite knowing the amount and type of data that would be processed on it," the ICO said.


print this article

Return to security news headlines
View Security News Archive

Share with: