Companies face fines of £500,000 for losing data

As of today, the ICO has been granted powers to issue penalties of up to £500,000 for businesses or Government departments found in breach of the Data Protection Act.

money flying out of a computer

The Information Commissioner's Office (ICO) has been granted new powers by the Government that could see organisations facing fines of up to 500,000 for breaching the Data Protection Act.

The ICO's new powers come into force today, and give the organisation significantly greater muscle in taking on data security breaches. Firms now risk a fine of 500,000 for losing consumer data equivalent to more than 10 per cent of most small companies' annual turnover, and a figure 100 times higher than the previous maximum penalty the ICO could impose.

Advertisement - Article continues below

The stricter powers are seen as a necessary response to the increase in the incidence of data loss due to negligence across many Government departments in recent years. They will see the ICO able to issue compulsory audit notices to any Government department found in breach of the Data Protection Act.

The severity of the fine will be determined on the basis of the precautions taken by the company or department in question, and the nature of the data security breach.

According to the ICO's guidelines on the Data Protection Act, the most serious fines will occur in cases where the data controller responsible has "seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress".

Advertisement - Article continues below

The harsher penalties were first recommended in January in an ICO report to Parliament entitled Civil Monetary Penalties Setting the Maximum Penalty.

At the time, Information Commissioner Christopher Graham warned companies that the tougher fines were a sign that the ICO was taking data security breaches more seriously than ever.

Advertisement - Article continues below

"Getting data protection right has never been more important than it is today. When things go wrong, a security breach can cause real harm and great distress to thousands of people. These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act," he said, before adding: "I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law."

Web security firm Symantec, meanwhile, has issued a set of guidelines aimed at helping businesses protect confidential data more securely and avoid being on the wrong side of a hefty fine.

Its recommendations include making sure a robust security policy is in place with strict guidelines on how and when data can leave the business premises, protecting all business hardware with the latest security software, ensuring all passwords are as strong as possible, and paying attention to non-electronic security measures such as paper-shredding too.

Advertisement - Article continues below

"The ICO is aiming to give the Data Protection Act teeth' and is clearly concerned about several high profile cases where unencrypted, confidential data residing on laptops and USB sticks has been lost and stolen," said Mike Jones, Symantec's principal product marketing manager.

"The impact of the vast majority of these cases could have been easily mitigated or avoided altogether by following security best practice such as protecting data and having clear guidelines in place for how data is used."

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now



K2View innovates in data management with new encryption patent

28 May 2020
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020

Most Popular

Microsoft Windows

Microsoft warns users not to install Windows 10's May update

28 May 2020
cyber security

Microsoft bans Trend Micro driver from Windows 10 for "cheating" hardware tests

27 May 2020
data protection

NHS yet to understand risks of holding Test and Trace data for 20 years

29 May 2020