The government has started a consultation on the possibility of levying penalties of £500,000 for serious breaches...
of data protection principles.
The consultation, "Civil monetary penalties: setting the maximum penalty", asks whether new fines of up to £500,000 will provide the Information Commissioner's Office (ICO) with a proportionate sanction to impose.
Justice Minister, Michael Wills, said: "We want to ensure that the ICO has the powers it needs and is able to impose robust penalties on those who commit serious breaches of data protection principles."
The aim is to discourage non-compliance of the Data Protection Act by data controllers; encourage data controllers to approach the ICO when they have concerns about data protection processes; and help improve public confidence in the security of personal data.
The Ministry of Justice says any organisation that processes data will potentially be affected by these proposals. In 2009 there were about 319,000 data controllers registered on the public register of data controllers. These range from central government departments and other public bodies to businesses of all sizes in the private sector.
The consultation closes on 21 December 2009. The ICO will publish detailed guidance showing the criteria it will use and the circumstances it will consider when issuing civil monetary penalties. The ICO's power to impose civil monetary penalties was inserted into the Data Protection Act 1998 through an addition last year.