First fines handed out by ICO for data protection failures


First fines handed out by ICO for data protection failures

Simon Quicke

The first fines for failing to comply with the data protection act have been handed out by the Information Commissioner's Office (ICO) handing a ready made sales pitch to those resellers specialising in information security.

Sheffield-based employment and recruitment consultancy A4e was hit by a £60,000 fine for losing an unencrypted laptop containing thousands of client details.

Hertfordshire County Council was fined £100,000 for faxing details about a child sex abuse case to the wrong people.

The fines are the first to be issued by the ICO and would send a strong message to those handling data said Commissioner Christopher Graham.

"These first monetary penalties send a strong message to all organisations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half a million pounds," he said.

Mark Fullbrook, director UK and Ireland at Cyber-Ark, said the security industry had been waiting to see who fell foul of the ICO first.

"People will always need to share information.  That's not going to change.  So the onus is on organisations to put in place solutions that can effectively mitigate against this risk whilst providing a secure environment in which to share data," he said.

"Today's news should hopefully serve as a wake-up call for all those that have ignored this ticking time bomb for so long.  The products are out there, so organisations need to get wise or risk the wrath of an ICO eager to flex its muscles," he added.

Join the conversation Comment



    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.