Following a period of consultation the Secretary of State for Justice Jack Straw has this week approved statutory guidance on fines for serious breaches of the Data Protection Act 1998. The new power to fine is expected to come into force on 6 April 2010 and will enable the ICO to issue fines of up to £0.5m without taking the wrong-doer to court.
The statutory guidance sets out the basis upon which the ICO will impose fines and runs to over 30 pages. It lays out some of the matters which the ICO will consider when issuing fines, including the seriousness of the breach, the likelihood of substantial damage and distress to individuals, whether the breach was deliberate or negligent and what reasonable steps the organisation has taken to prevent breaches.
In a press release announcing the new power the Information Commissioner Christopher Graham said: “These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act. I remain committed to working with voluntary, public and private bodies to help them stick to the rules and comply with the Act. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law.”
For further information as to the circumstances in which fines may be issued see our article “Data Protection fines - the £500,000 question” in the News Centre section of the Rollits website at www.rollits.com or email tom.morrison@rollits.com.
Tom Morrison
This article is for general guidance only and action should not be taken without obtaining specific advice.
Please refer to our Terms of Use for further information.
