Data protection - fines for breaches announced

27/10/2010

By Henar Dyson, Senior Associate in Corporate & Commercial

The Information Commissioner’s Office now has power to issue fines of up to £500,000 to organisations in serious breach of the Data Protection Act 1998.

The highest fines will, unsurprisingly, be reserved for the most serious of breaches, which result in significant damage and distress to individuals or where the breach is deliberate.

Organisations that have taken genuine steps to prevent breaches are likely to receive the smallest fines or to be issued with an enforcement notice, requiring them to improve their data protection practices.

It is worth noting that organisations regulated by the Financial Services Authority can also be fined by that organisation for similar behaviour, except that fines from the Financial Services Authority are often significantly higher.