MCPSG update - New fines for DP breaches.
20th January 2010
After the recent consultation the Government has now approved £500,000 fines for worst data protection offenders, including the Public Sector subject to certain considerations.
Organisations responsible for major breaches of personal information security will face fines up to £500,000 from 6th April this year.
The new penalties for serious data protection breaches have been approved by the Government.
The ICO said that it would assess breaches according to various criteria when deciding whether or not to impose the full £500,000 penalty.
These include:
The seriousness of the breach;
The likelihood of damage and distress to those affected; whether the breach was deliberate; whether it was negligent; and what action the organisation had taken to protect information.
"The Information Commissioner will take a pragmatic and proportionate approach to issuing an organisation with a monetary penalty," the ICO statement said. "Factors will be taken into account including an organisation’s financial resources, sector, size and the severity of the data breach, to ensure that undue financial hardship is not imposed on an organisation."
The likelihood of damage and distress to those affected; whether the breach was deliberate; whether it was negligent; and what action the organisation had taken to protect information.
"The Information Commissioner will take a pragmatic and proportionate approach to issuing an organisation with a monetary penalty," the ICO statement said. "Factors will be taken into account including an organisation’s financial resources, sector, size and the severity of the data breach, to ensure that undue financial hardship is not imposed on an organisation."
NW Information Sharing and Security Group gave a response to this consultation, for more information about NWISSG please contact ajike.alli@nwegg.org.uk
This information was taken from 'Out-Law.Com' on the 20th January 2010.