ICO deals out £160,000 in data breach fines

The ICO has used its fining powers for the first time, reprimanding a local council and an employment services firm.

The Information Commissioner's Office (ICO) has dealt out its first fines since it was handed additional powers in April.

The data protection watchdog has been under increasing scrutiny in recent months, with some suggesting it had not gone far enough to impose its authority, particularly in the Google Street View case.

Today the ICO announced a 100,000 penalty was handed to Hertfordshire County Council, whilst employment services company A4e was hit with a 60,000 fine.

According to the watchdog, the council was reprimanded for two serious incidents when employees faxed highly sensitive personal information to the wrong recipients.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In one case, details relating to child sex abuse meant to go to barristers' chambers were sent to a member of the public. The other misdirected fax covered details of care proceedings.

"It is difficult to imagine information more sensitive than that relating to a child sex abuse case," said information commissioner Christopher Graham.

"I am concerned at this breach - not least because the local authority allowed it to happen twice within two weeks."

A4e had an unencrypted laptop stolen, which contained personal data on 24,000 people who had used community legal advice centres in Hull and Leicester.

There was an unsuccessful attempt to access the data on the laptop after it was stolen

"The laptop theft, while less shocking, also warranted nothing less than a monetary penalty as thousands of people's privacy was potentially compromised by the company's failure to take the simple step of encrypting the data," Graham added. "These first monetary penalties send a strong message to all organisations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business."

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/network-internet/broadband/354530/openreach-offers-free-full-fibre-installation-for-thousands-of
broadband

Openreach offers free full-fibre installation for thousands of homes

14 Jan 2020
Visit/security/vulnerability/354524/microsoft-to-patch-extraordinarily-serious-cryptographic-flaw
vulnerability

Microsoft to patch ‘extraordinarily serious’ cryptographic flaw

14 Jan 2020