ByteSize
£500,000 for Data Protection breaches
2010-01-29
The Ministry of Justice has announced plans to give the Information Commissioner the power to impose penalties of up to £500,000 on data controllers who seriously breach the Data Protection Act 1998. The ICO would have power to issue a monetary penalty notice if a serious contravention occurs. A ‘serious
contravention’ is one that:
(a) would be likely to cause substantial damage or distress; and
(b) is either deliberate or reckless (i.e. the data controller knew or ought
to have known of a risk of a serious breach but failed to take steps to prevent
it.)
The Information Commissioner has simultaneously produced draft guidance setting
out how this potential new power would be exercised, stating that a monetary penalty notice would only be used as a punishment where there had been a deliberate or reckless handling of personal data. When deciding the extent of the penalty, the Information Commissioner will take into account the data controller’s size, the financial resources available to the data controller and the sector in which the data controller operates.
At present, the Information Commissioner has limited powers to “punish”
offenders of the Data Protection Act.
The Information Commissioner can issue enforcement notices for breaches of the
data protection principles. However, as enforcement notices merely require a
data controller to change its practice, the Government believes that enforcement
notices alone are not appropriate sanctions for serious breaches of the Data
Protection Act.
The Information Commissioner can bring criminal proceedings for some data
protection offences, including non compliance with enforcement notices, failure
to notify as a data controller and unlawfully obtaining personal data.
The new penalty would allow the Information Commissioner to directly punish
serious offenders of data protection law. Although not a criminal sanction, the
power to impose a “fine” of up to £500,000 should deter businesses from
breaching the data protection principles and encourage compliance with the Data
Protection Act.
Call us now:
0115 9 100 200
ByteSize:
View up to date legal articles
