The government has started a consultation on the
possibility of levying penalties of £500,000 forserious breaches of data protection
principles.
The consultation,
"
Civil monetary penalties: setting the maximum penalty", asks
whether new fines of up to £500,000 will provide the Information
Commissioner's Office (ICO) with a proportionate sanction to
impose.
Justice
Minister, Michael Wills, said: "We want to ensure that the ICO
has the powers it needs and is able to impose robust penalties on
those who commit serious breaches of data protection
principles."
The aim is to discourage non-compliance of the
Data Protection Act by data controllers; encourage data
controllers to approach the ICO when they have concerns about data
protection processes; and help improve public confidence in the
security of personal data.
The Ministry of Justice says any organisation that processes
data will potentially be affected by these proposals. In 2009 there
were about 319,000 data controllers registered on the public
register of data controllers. These range from central government
departments and other public bodies to businesses of all sizes in
the private sector.
The
consultation closes on 21 December 2009. The ICO will publish
detailed guidance showing the criteria it will use and the
circumstances it will consider when issuing civil monetary
penalties. The ICO's power to impose civil monetary penalties was
inserted into the Data Protection Act 1998 through an addition last
year.
Consultation documents - Ministry of Justice website