After a long process of decision making and debate, the Ministry of Justice has ratified the request from the Information Commissioner’s Office (ICO) that it be allowed to raise fines against any business that is found to be in breach of the Data Protection Act.
The ICO will now be able to demand up to half a million pounds from firms which fail to adequately protect the personal information of their clients and the new rules will begin to be enforced from April this year.
The government held a public consultation in order to assess whether giving the ICO such powers would be adequate to help tackle complacency and inadequacies in the data security measures employed by enterprises in the UK.
Christopher Graham, who is the Information Commissioner, said that the growing number of interactions between businesses and customers which involve the online entry of information and the subsequent storage of personal information has led to far more serious instances of data loss.
Mr Graham also reaffirmed his dedication to cooperation with public and private bodies in order to ensure that compliance with data protection legislation was fulfilled across the board. However, he also said that he would not be afraid to make use of the newly granted powers against those who continue to flout good data security practise.
Michael Wills, the minister for Justice, said that in general, a majority of organisations were in compliance with the conditions of the data protection act and that these new fines would hopefully deter any firms from ignoring them.
In order to reach a decision as to the total fine which should be levelled against a given organisation in the event of non-compliance, various factors will be calculated. For example, the extent of the data loss and the potential threat it poses to the involved parties will be weighed against whether the firm had knowingly failed to meet government guidelines.
Experts believe that although the new fines show real intent, many will be waiting to see how the first penalties are allocated to analyse the seriousness of the ICO’s intent. Despite the belief that only the biggest firms will suffer the most significant fines in the face of data loss, it is hoped that these new powers will act as a wake-up call to businesses of all sizes.
