Penalties

As mentioned previously, failure to register with the ICO or comply with the Data Protection Act is a criminal offence and could result in prosecution and substantial fines from the Information Commissioner’s Office.

Such penalties also bring about adverse publicity and could be very damaging to a business, particularly in a service industry.

Cases of data protection law breaches have sometimes been quite high profile.
For example:

• In 2010, a council was fined when they inadvertently faxed details of an offender to a member of the public instead of a barrister.
  
• Also in 2010, a firm was fined for allowing an employee to take home an unencrypted laptop containing customers’ personal details.
• In 2007, the Nationwide Building Society was fined near £1million for failing to have an adequate security system.

Penalties may arise from situations such as:

• Sending unsolicited marketing emails.
• Failing to dispose of confidential paperwork securely.
• Not having adequate access rights in place.
• Carelessly leaving data, such as laptops, lying around.
• Selling data without seeking permission.
• Not obtaining a Data Protection license from the ICO.