As mentioned previously, failure to register with the ICO or comply with the Data Protection Act is a criminal offence and could result in prosecution and substantial fines from the Information Commissioner’s Office.
Such penalties also bring about adverse publicity and could be very damaging to a business, particularly in a service industry.
Cases of data protection law breaches have sometimes been quite high profile.
- In 2010, a council was fined when they inadvertently faxed details of an offender to a member of the public instead of a barrister.
- Also in 2010, a firm was fined for allowing an employee to take home an unencrypted laptop containing customers’ personal details.
- In 2007, the Nationwide Building Society was fined nearly £1 million for failing to have an adequate security system.
Penalties may arise from situations such as:
- Sending unsolicited marketing emails.
- Failing to dispose of confidential paperwork securely.
- Not having adequate access rights in place.
- Carelessly leaving data, such as laptops, lying around.
- Selling data without seeking permission.
- Not obtaining a Data Protection licence from the ICO.