IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Companies face fines of £500,000 for losing data

As of today, the ICO has been granted powers to issue penalties of up to £500,000 for businesses or Government departments found in breach of the Data Protection Act.

money flying out of a computer

The Information Commissioner's Office (ICO) has been granted new powers by the Government that could see organisations facing fines of up to 500,000 for breaching the Data Protection Act.

The ICO's new powers come into force today, and give the organisation significantly greater muscle in taking on data security breaches. Firms now risk a fine of 500,000 for losing consumer data equivalent to more than 10 per cent of most small companies' annual turnover, and a figure 100 times higher than the previous maximum penalty the ICO could impose.

The stricter powers are seen as a necessary response to the increase in the incidence of data loss due to negligence across many Government departments in recent years. They will see the ICO able to issue compulsory audit notices to any Government department found in breach of the Data Protection Act.

The severity of the fine will be determined on the basis of the precautions taken by the company or department in question, and the nature of the data security breach.

According to the ICO's guidelines on the Data Protection Act, the most serious fines will occur in cases where the data controller responsible has "seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress".

The harsher penalties were first recommended in January in an ICO report to Parliament entitled Civil Monetary Penalties Setting the Maximum Penalty.

At the time, Information Commissioner Christopher Graham warned companies that the tougher fines were a sign that the ICO was taking data security breaches more seriously than ever.

"Getting data protection right has never been more important than it is today. When things go wrong, a security breach can cause real harm and great distress to thousands of people. These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act," he said, before adding: "I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law."

Web security firm Symantec, meanwhile, has issued a set of guidelines aimed at helping businesses protect confidential data more securely and avoid being on the wrong side of a hefty fine.

Its recommendations include making sure a robust security policy is in place with strict guidelines on how and when data can leave the business premises, protecting all business hardware with the latest security software, ensuring all passwords are as strong as possible, and paying attention to non-electronic security measures such as paper-shredding too.

"The ICO is aiming to give the Data Protection Act teeth' and is clearly concerned about several high profile cases where unencrypted, confidential data residing on laptops and USB sticks has been lost and stolen," said Mike Jones, Symantec's principal product marketing manager.

"The impact of the vast majority of these cases could have been easily mitigated or avoided altogether by following security best practice such as protecting data and having clear guidelines in place for how data is used."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million
data protection

ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million

14 Jul 2022
The public sector will no longer face eye-watering data breach fines, ICO confirms
public sector

The public sector will no longer face eye-watering data breach fines, ICO confirms

1 Jul 2022
MoJ faces £17.5m GDPR fine over subject access request backlog
data protection

MoJ faces £17.5m GDPR fine over subject access request backlog

20 Jan 2022
Cabinet Office fined £500,000 for New Year Honours data leak
data breaches

Cabinet Office fined £500,000 for New Year Honours data leak

3 Dec 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022