The Information Commissioner’s Office (ICO) has just been endowed with new powers that will allow it to dole out heftier fines of up to half a million pounds in the event of data loss, and it has now outlined the situations in which it feels that it can appropriately employ these punitive measures.
The ICO said that the biggest fines would be reserved for firms such as T-Mobile, which caused controversy back in late 2009 when it emerged that a former employee had been selling on the private details of customers to the highest bidder.
The ICO has been conducting an investigation into this high-profile data protection breach, and it is believed that rival networks were involved in buying details relating to when customers’ contracts were running out in order to pounce and steal business from T-Mobile.
Before April 6th, the ICO had only been able to serve offending businesses and public organisations with fines of £5000, but now new rules have multiplied this figure by one hundred in order to make the threat of a fine a greater deterrent.
Three local councils that have recently been charged with breaching the Data Protection Act could have been the first to face these new fines. However, the ICO has chosen to commit the councils to improving their data security policies in the future rather than imposing heavy fines.
The ICO said that it would be using its powers as a proportional response to any new data loss or theft scandals that emerge. It confirmed that the T-Mobile case was a model example of the kind that might warrant the full force of the half-a-million-pound penalty.
ICO enforcement and investigation head Sally-Anne Poole said that, for businesses and organisations in the public and private sector, data protection should be of paramount importance. She also said that the encryption of data during storage and transport was essential, and that a lack of encryption had proved embarrassing for the three councils involved in the most recent cases of data loss.