ICO deals out £160,000 in data breach fines
By Tom Brewster,
The Information Commissioner’s Office (ICO) has dealt out its first fines since it was handed additional powers in April.
The data protection watchdog has been under increasing scrutiny in recent months, with some suggesting it had not gone far enough to impose its authority, particularly in the Google Street View case.
Today the ICO announced a £100,000 penalty was handed to Hertfordshire County Council, whilst employment services company A4e was hit with a £60,000 fine.
According to the watchdog, the council was reprimanded for two serious incidents when employees faxed highly sensitive personal information to the wrong recipients.
In one case, details relating to child sex abuse meant to go to barristers’ chambers were sent to a member of the public. The other misdirected fax covered details of care proceedings.
“It is difficult to imagine information more sensitive than that relating to a child sex abuse case,” said information commissioner Christopher Graham.
“I am concerned at this breach - not least because the local authority allowed it to happen twice within two weeks.”
A4e had an unencrypted laptop stolen, which contained personal data on 24,000 people who had used community legal advice centres in Hull and Leicester.
There was an unsuccessful attempt to access the data on the laptop after it was stolen
“The laptop theft, while less shocking, also warranted nothing less than a monetary penalty as thousands of people’s privacy was potentially compromised by the company’s failure to take the simple step of encrypting the data,” Graham added.
“These first monetary penalties send a strong message to all organisations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business.”
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Public Sector Analysis & Insight
The Digital Economy Act: Is it doomed to never happen?
As a further delay hits part of the implementation of the Digital Economy Act, is this just a small hiccup, or is the Act being rendered toothless already? Simon Brew takes a look.
- Does the government want to snoop on your data?
- Q&A: Rajeeb Dey, CEO Enternships
- Government IT: Apples for the mandarins
- Striving to solve the security skills crisis
- 2011: The year in news
- Are the cookie laws crumbling already?
- UK rural broadband: too little, and too late
- How the Data Protection Act's death will punish the UK economy
- Education: glad to be a geek
Latest Public Sector Reviews
HTC Flyer review: First Look
- HP TouchPad review: First Look
- RIM BlackBerry PlayBook review - First Look
- MWC 2011: Acer Iconia A100 and A500 reviews – first look videos
- MWC 2011: HP TouchPad review - first look video
- MWC 2011: RIM BlackBerry PlayBook review - first look video
- MWC 2011: HP Pre3 review - first look video
- MWC 2011: Motorola Pro review - first look video
- MWC 2011: HTC Flyer tablet review - first look video
- MWC 2011: Samsung Galaxy Tab 10.1 review – first look video
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Public Sector
Q&A: David Elton, PA Consulting Group
PlayCIOs are increasingly influential, but have to juggle "dual roles", study finds.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
A sad day for information security
Resorting to punitive measures, such as fines, represents a sad day in the history of information security. Alas, the repeated examples of lax corporate and public sector security awareness and compliance have made it an unfortunate necessity.
The sizable fines the Information Commissioner’s Office can impose, as demonstrated in these cases, will hopefully deter organisations of all types from falling behind on data security.
However, if past instances of data loss and theft teach us anything, it is that regulation alone will not solve the problem. Such measures must be aligned with an overall government effort to encourage and build a culture of security best practice and common sense, underpinned by solid technologies that can deliver the level of security required by law and be able to cope with emerging threats and the changing ways in which we work.
Kurt Johnson, vice president of corporate strategy and development at Courion
By Ip_courion3a5e03 on Wednesday Nov 24
The ICO flexes its muscles
As the ICO finally seems to be toughening up http://bit.ly/gA5jfs it raises questions about how the fines are applied. Whilst it is disappointing that Google could not be fined as the offence occured before the ICO could implement stronger penalties, to hear of local councils receiving large fines is also concerning for the public. A balance surely needs to be met, potentially basing the fine not only on the size of the breach, but also of the organisation at fault. It remains to be seen how much these fines will act as a deterrant.
By MSC_247 on Wednesday Nov 24