Our News
Businesses Face Big Fines For Not Protecting Personal Data- 28/06/2011
All organisations must take better care of personal details they hold, as the Information Commissioner’s Office looks to get tough on breaches of the Data Protection Act 1988, warns a leading Wolverhampton business and regulatory crime specialist.
David Campbell, an associate in the Litigation Department of Wolverhampton law firm FBC Manby Bowdler LLP, says that small businesses tend to be the worst offenders when it comes to protecting personal data, but big organisations are often caught out too.
Mr Campbell says: “A recent survey found that than two thirds of organisations with fewer than 100 employees either never train staff on information security procedures or only do so on an ad hoc basis. It estimates that one million companies have never completed an information security risk assessment and many were unaware of any legal compliance measures they have to take.
“Businesses as ‘data controllers’ have certain obligations when dealing with the personal data of employees and customers.
“It sets out a number of principles with which organisations which hold personal data are expected to comply, including taking appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data.”
The Information Commissioner’s Office can now fine companies and individuals unlimited amounts for serious breaches of the Data Protection Act, and organisations have been punished for all sorts of data breaches.
Last November (2010) a Sheffield-based employment advisory business was fined £60,000 for issuing an unencrypted laptop with the details of 24,000 people to an employee who wanted to work from home. The laptop was subsequently stolen and an unsuccessful attempt made to access the data.
In March this year (2011), Wolverhampton City Council was censured by the Information Commissioner’s Office for breaching the Data Protection Act by allowing confidential personal information to be disposed of in a skip, which was later stolen and its contents fly-tipped in a car park, in a case first reported by the Express and Star in October 2010.
Mr Campbell says: “Lack of training coupled with little awareness of the sensitivity of personal data and human error mean that unfortunately it is quite common for organisations to breach the act by such actions as emails sent to the wrong recipient; laptops or memory sticks being lost or stolen; and papers containing information about employees or customers finding their way into the waste paper bin rather than being destroyed by being run through a shredder.”
The Information Commissioner’s Office has issued a good practice note for organisations which hold personal data about individuals, setting out how they can take reasonable steps to ensure that they take appropriate measures to prevent it getting into the hands of third parties and against accidental loss.
Mr Campbell says: “Should an organisation become aware of any loss of personal data, it should immediately inform the Information Commissioner’s Office, as well as seeking independent legal advice, about the steps it should take to remedy the situation.”
With 33 partners, FBC Manby Bowdler is one of the largest law firms in the West Midlands. In addition to Wolverhampton, the firm also has offices in Willenhall, Telford, Shrewsbury and Bridgnorth.