News

Take care of data or face ICO fines

Cliff Saran

From today, the Information Commissioner's Office (ICO) can serve a Monetary Penalty Notice with fines up to £500,000 for a serious data breach.

Under Section 55a of the Data Protection Act 1998, the ICO can impose a fine if there has been a serious contravention of data protection principles by a data controller and the contravention could cause substantial damage or distress.

Fines will be determined by:

  • Seriousness of contravention.
  • Nature of personal data involved.
  • Duration and extent of contravention.
  • Number of individuals actually or potentially affected by the contravention.
  • Matter of public importance.

According to the ICO, fines are more likely to be imposed if an organisation has failed to take reasonable steps to prevent the data loss. For instance, if it has not established adequate procedures, processes and practices to reduce data loss and there are no clear lines of accountability.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy