Wednesday, April 27, 2011

Only four fines over data breaches

Just four civil penalties have been handed out by the information
watchdog since the powers came into force last year, with a company
that lost information relating to more than 20,000 people in Leicester
and Hull among those fined, figures show.

More than 2,500 possible breaches of the Data Protection Act have been
reported to the Information Commissioner's Office (ICO), but just 36
have resulted in any action and only four have attracted civil
penalties.

In all, organisations have been fined a total of just £310,000, with
the biggest fine handed out to date being £100,000 - despite the
maximum penalty for a single offence being £500,000.

The figures, released to encryption firm ViaSat under Freedom of
Information laws, also showed that the ICO has taken action against
seven private sector organisations, penalising just one, but 29 in the
public sector, penalising three.

Chris McIntosh, the firm's chief executive, said: "The ICO has a
tremendous amount of leeway in the penalties it levies and so far
doesn't seem to be applying this in either direction.

"The ICO has stated that the embarrassment and poor image of a fine
will act as a deterrent and an incentive to improve an organisation's
grasp of the Data Protection Act. However, if fines are rare and well
below the maximum allowed limit, their value as a deterrent drops.

"Organisations will view the rarity of a fine and the associated
negative publicity the same way they have viewed the threat of a data
breach itself: an event that only happens to other people."

The biggest fine to date, £100,000, was given to Hertfordshire County
Council in November last year after it accidentally faxed highly
sensitive information about cases involving child sex abuse and care
proceedings to the wrong recipients on two occasions in the space of
two weeks in June 2010.

In February, Ealing Council was fined £80,000 and Hounslow Council was
fined £70,000 after an out-of-hours service working on behalf of both
councils lost two laptops containing the details of around 1,700
people when they were stolen from an employee's home. Almost 1,000 of
the individuals were clients of Ealing Council and almost 700 were
clients of Hounslow Council.

And also in November, employment services company A4e was fined
£60,000 over the theft of a laptop containing personal information of
about 24,000 people who had used community legal advice centres in
Hull and Leicester in June.
