IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

ICO pushes £500,000 fines for data breach offenders

Data controllers found guilty could land their companies a half-million pound penalty if new measures proposed by the Information Commissioners Office are approved

The Information Commissioners Office (ICO) has announced details of strict new financial penalties facing companies that breach the Data Protection Act (DPA).

The penalty for data controllers found guilty of serious breaches of the Act could be as high as 500,000 if proposed new ICO measures are approved by Parliament.

The ICO report, entitled Civil Monetary Penalties Setting the Maximum Penalty, detailed the proposed new fines, which could run as high as half a million pounds depending on how serious the offence is, how likely it is to cause substantial damage or distress, and whether the controller's actions were deliberate or the offence allowed to occur in a manner akin to recklessness.

These powers are already set down in the DPA and have been since October but cannot be enforced by the ICO until a maximum penalty is put in place.

Despite the severity of the maximum fine, the ICO insists it will take a "pragmatic and proportionate approach" to issuing penalties, considering the size and sector of an organisation, its resources, and of course the severity of the data breach.

"Getting data protection right has never been more important than it is today," said Information Commissioner, Christopher Graham.

"When things go wrong, a security breach can cause real harm and great distress to thousands of people. These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act.

He added: "I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law."

An accompanying statement on the Ministry of Justice website says several penalty frameworks were considered in a consultation running until just before Christmas, before the half-million ceiling was set.

"[The report] asked for views on whether new fines of up to half a million pounds would provide the ICO with a proportionate sanction to impose on those who either deliberately or knowingly seriously contravene the data protection principles," the statement read.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Tory party delays leadership selection over hacking fears
hacking

Tory party delays leadership selection over hacking fears

3 Aug 2022
UK government puts Online Safety Bill 'on ice'
Policy & legislation

UK government puts Online Safety Bill 'on ice'

14 Jul 2022
ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million
data protection

ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million

14 Jul 2022
Oracle to build sovereign cloud regions in the EU for 2023
data governance

Oracle to build sovereign cloud regions in the EU for 2023

12 Jul 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Electrical explosion reported at Google's Iowa data centre
data centres

Electrical explosion reported at Google's Iowa data centre

9 Aug 2022