ICO deals out £160,000 in data breach fines
The ICO has used its fining powers for the first time, reprimanding a local council and an employment services firm.
The Information Commissioner's Office (ICO) has dealt out its first fines since it was handed additional powers in April.
The data protection watchdog has been under increasing scrutiny in recent months, with some suggesting it had not gone far enough to impose its authority, particularly in the Google Street View case.
Today the ICO announced a 100,000 penalty was handed to Hertfordshire County Council, whilst employment services company A4e was hit with a 60,000 fine.
According to the watchdog, the council was reprimanded for two serious incidents when employees faxed highly sensitive personal information to the wrong recipients.
In one case, details relating to child sex abuse meant to go to barristers' chambers were sent to a member of the public. The other misdirected fax covered details of care proceedings.
"It is difficult to imagine information more sensitive than that relating to a child sex abuse case," said information commissioner Christopher Graham.
"I am concerned at this breach - not least because the local authority allowed it to happen twice within two weeks."
A4e had an unencrypted laptop stolen, which contained personal data on 24,000 people who had used community legal advice centres in Hull and Leicester.
There was an unsuccessful attempt to access the data on the laptop after it was stolen
"The laptop theft, while less shocking, also warranted nothing less than a monetary penalty as thousands of people's privacy was potentially compromised by the company's failure to take the simple step of encrypting the data," Graham added. "These first monetary penalties send a strong message to all organisations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business."
In This Article
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now