Penalties
As mentioned previously, failure to register with the ICO or comply with the Data Protection Act is a criminal offence and could result in prosecution and substantial fines from the Information Commissioner’s Office.![koordinerede-kontrolaktioner--p-kant-med-loven-29retssikkerhed](http://vps.89hosting.co.uk/~spearhead/wp-content/uploads/2016/06/koordinerede-kontrolaktioner-p-kant-med-loven-29retssikkerhed-300x200.jpg)
Such penalties also bring about adverse publicity and could be very damaging to a business, particularly in a service industry.
Cases of data protection law breaches have sometimes been quite high profile.
For example:
- In 2010, a council was fined when they inadvertently faxed details of an offender to a member of the public instead of a barrister.
- Also in 2010, a firm was fined for allowing an employee to take home an unencrypted laptop containing customers’ personal details.
- In 2007, the Nationwide Building Society was fined near £1million for failing to have an adequate security system.
Penalties may arise from situations such as:
- Sending unsolicited marketing emails.
- Failing to dispose of confidential paperwork securely.
- Not having adequate access rights in place.
- Carelessly leaving data, such as laptops, lying around.
- Selling data without seeking permission.
- Not obtaining a Data Protection license from the ICO.
![IMG_4226](http://vps.89hosting.co.uk/~spearhead/wp-content/uploads/2016/07/IMG_4226.jpg)