Tough new penalties for organisations who don’t protect client data
Businesses and charities alike are being urged to review their IT systems and policies to ensure they don’t fall foul of fines of up to £500,000 designed to protect personal data and deter security breaches.
From 6th April the Information Commissioner’s Office (ICO) can impose fines of up to £500,000 for a serious breach of the Data Protection Act where the breach is likely to cause damage or distress, is either deliberate or negligent, and the organisation failed to take reasonable steps to prevent it.
In a press statement released on 12th January 2010, Information Commissioner, Christopher Graham, said “When things go wrong, a security breach can cause real harm and great distress to thousands of people. These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act.”
One area which the ICO is likely to be very tough on is data held on mobile devices such as laptops and USB memory sticks. There have been several high-profile cases of laptops containing personal data being lost or stolen from vehicles or being left in inappropriate places without adequate protection. The ICO has stated that if such losses occur in future and data has not been encrypted, it will pursue enforcement action.
Jon Stanton from PEM IT Services adds, “It is clear that the ICO is intending to take a much tougher line with organisations who pay lip service to the Data Protection Act but do not take appropriate steps to protect their clients’ data.”
“Organisations holding sensitive personal data will need to be particularly vigilant, including solicitors, medical practices, and tax accountants. We would advise all such organisations to carry out data risk assessments to ensure they are following best practice.”
PEM IT Services provides IT advice and support to SMEs and charities across Cambridge and the East Anglia region, including carrying out external IT Risk Management Reviews in line with ENISA (European Network and Information Security Agency) methodology. For further information please contact Jon Stanton on 01223 728 205 or email jstanton@pem.co.uk
Jon Stanton, Director of PEM IT Services.