recent work

ICO Places First Fines Totalling £160,000

The ICO has announced today that it has placed its first monetary fines on two companies, totalling £160,000. Hertfordshire County Council were found guilty of two serious breaches of the Data Protection Act, after the mistakenly faxed the personal data of others to the wrong recipients. Meanwhile, A4e, an employment services organisation, was fined £60,000 for losing an unencrypted laptop that contained the personal details of 24,000 individuals that had used community legal advice centres in Hull and Leicester.
Both companies have accepted the fines, stating that they are ‘sorry that these mistakes happened (Hertfordshire County Council) and ‘we fully accept the judgement…. A4e takes the protection of personal data extremely seriously…’ (A4e).
Information Commissioner, Christopher Graham said: “These first monetary penalties send a strong message to all organisations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half a million pounds.”

Comment
Mistakes can happen, and an organisation’s current system may be found to have loop holes in, thus introducing an element of risk into the data management system. However, it is vitally important that procedures relating to the management of data are documented, adhered to and regularly reviewed so as to not allow such procedural flaws to happen at all; and above all else, get fined by the ICO for anything up to £500,000.
By having a documented procedural system for data management, the chances of getting it right first time will be increased. By reviewing such systems, organisations will continually improve data management systems. This is something that Absolute Data does and can help you with. Absolute Data also works with many organisations to reduce or eliminate the risk to the personal information that they hold about individuals. The “softer side” of privacy risk management such as staff training and having documented procedures is often overlooked and under-funded in organisations and an area where we can have a big impact for a modest investment.  For further information, please contact us now at info@absolute-data.co.uk.