Last December this blog detailed the first fines handed out by the Information Commissioner for serious breaches of the Data Protection Act. Those fines may have been the first, but they clearly aren't to be the last. Indeed, Ealing and Hounslow Councils have just been given monetary penalties of £80000 and £70000 respectively.
Ealing's penalty relates to two laptops that were stolen from the home of an employee of the council's 'out of hours' service that contained the details of 1700 people including those employed by Hounslow Council. Hounslow, on the other hand, were found to have failed to implement good monitoring procedures and had also failed to have in place a written contract (with Ealing) governing the processing of personal information.
The penalties were levied because although the laptops were password protected, the data itself was unencrypted.
The penalty system is not going to go away and those holding and processing data should note that the Information Commissioner can levy fines of upto £500000.