PL&B UK E-news, Issue 74

1. ICO wins power to impose substantial fines for data breaches

Organisations now face substantial fines for deliberately or recklessly committing serious breaches of the Data Protection Act. The Criminal Justice and Immigration Act, which received Royal Assent (the final legislative stage) on 8 May, introduces a civil penalty rather than a criminal penalty, the result of an amendment adopted by the House of Lords last month.

The Information Commissioner can impose fines when organisations ‘knew or ought to have known that there was a risk that the contravention would occur, and that such a contravention would be of a kind likely to cause substantial distress or damage, but failed to take reasonable steps to prevent the contravention..’

Although not what it asked for, ICO welcomes the new penalty.

David Smith, Deputy Information Commissioner said: “This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information. The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously.

“This new power will enable some of the worst breaches of the Data Protection Act to be punished. By demonstrating that the law is being taken seriously tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly.

“The fact that strengthening the Data Protection Act has cross party support demonstrates the growing consensus on the importance of effective data protection.”

The audience at Privacy Laws & Business’s 21st Annual International Conference, July 7th-9th at St. John’s College, Cambridge, will be able to question Richard Thomas, UK Information Commissioner, on how he will use these new fining powers, and how he will interpret the defence of “reasonable steps to prevent the contravention..”

For further details on the Privacy Laws & Business UK Newsletter, please click here.

Copyright Privacy Laws & Business 2008