Companies face fines of £500,000 for losing data

As of today, the ICO has been granted powers to issue penalties of up to £500,000 for businesses or Government departments found in breach of the Data Protection Act.


The Information Commissioner's Office (ICO) has been granted new powers by the Government that could see organisations facing fines of up to £500,000 for breaching the Data Protection Act.

The ICO's new powers come into force today, and give the organisation significantly greater muscle in taking on data security breaches. Firms now risk a fine of £500,000 for losing consumer data, equivalent to more than 10 per cent of most small companies' annual turnover, and a figure 100 times higher than the previous maximum penalty the ICO could impose.

The stricter powers are seen as a necessary response to the increase in the incidence of data loss due to negligence across many Government departments in recent years. They will see the ICO able to issue compulsory audit notices to any Government department found in breach of the Data Protection Act.

The severity of the fine will be determined on the basis of the precautions taken by the company or department in question, and the nature of the data security breach.

According to the ICO's guidelines on the Data Protection Act, the most serious fines will occur in cases where the data controller responsible has "seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress".

The harsher penalties were first recommended in January in an ICO report to Parliament entitled Civil Monetary Penalties Setting the Maximum Penalty.

At the time, Information Commissioner Christopher Graham warned companies that the tougher fines were a sign that the ICO was taking data security breaches more seriously than ever.

"Getting data protection right has never been more important than it is today. When things go wrong, a security breach can cause real harm and great distress to thousands of people. These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act," he said, before adding: "I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law."

Web security firm Symantec, meanwhile, has issued a set of guidelines aimed at helping businesses protect confidential data more securely and avoid being on the wrong side of a hefty fine.

Its recommendations include making sure a robust security policy is in place with strict guidelines on how and when data can leave the business premises, protecting all business hardware with the latest security software, ensuring all passwords are as strong as possible, and paying attention to non-electronic security measures such as paper-shredding too.

"The ICO is aiming to give the Data Protection Act 'teeth' and is clearly concerned about several high profile cases where unencrypted, confidential data residing on laptops and USB sticks has been lost and stolen," said Mike Jones, Symantec's principal product marketing manager.

"The impact of the vast majority of these cases could have been easily mitigated or avoided altogether by following security best practice such as protecting data and having clear guidelines in place for how data is used."
