UK Information Commissioner’s Office - if you do the crime then pay the fine

December 17, 2010

The UK’s data protection watchdog has flexed its newly acquired regulatory muscle by handing down large fines for data security breaches. Two fines of £100,000 and £60,000 were issued against a private company and a county council. 

The county council had on two occasions erroneously faxed highly sensitive information concerning child sexual abuse and care proceedings to the incorrect recipient. A fine was also imposed on an employment services company following the loss of an unencrypted laptop containing personal information, including information about alleged criminal activity and whether the individual had been a victim of violence. The level of the fines is indicative of the strong approach being taken by the ICO and will act as a stark reminder of the serious financial consequences of data protection breaches, which can also cause untold reputational damage.

The Information Commissioner advised that the fines “send a strong message to all organisations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business.”

In Ireland, the Government’s Data Protection Review Group has recommended the introduction of fines for gross breaches of the Data Protection Acts. This follows the introduction of a data breach notification code of practice by the Data Protection Commissioner in July 2010. Prevention is always better than the cure and it is important that all organisations handling personal data put in place appropriate policies and procedures to minimise the risk of security breaches.

For further information please contact John Magee or Leo Moore of our Technology & Commercial Contracts Department.