‘The Information Commissioner Gets Tough’
We have just prepared a short bulletin on this topic, which has been sent to our corporate and not-for-profit clients. In November, the Information Commissioner’s Office issued its first fines for serious breaches of the Data Protection Act.
Both public sector organisations and private companies have been fined – in one case as much as £100,000 (although the maximum possible is £500,000). The breaches were for relatively ordinary (and possibly commonplace) operational and day-to-day issues such as misdirected faxes and unencrypted laptops. However, in both cases the information was highly sensitive.
The bulletin offers some practical advice on what to do to avoid breaches in your organisation, along with some guidance on testing your Data Protection compliance procedures.