‘All Firms’ Could Face Data Protection Fines

Two Bodies Fined By Information Commissioner

29.11.2010

The first fines handed out by the Information Commissioner highlight how all firms and organisations are potentially at risk of falling foul of the authorities, a lawyer at Irwin Mitchell has suggested.

Hertfordshire County Council and Sheffield employment services firm A4e are the first two bodies to face punishment from the commissioner, after both breached the Data Protection Act by mishandling information.

It was revealed that Hertfordshire County Council breached the regulations when it accidentally faxed details from the childcare litigation unit to the wrong recipients on two separate occasions. A4e was fined after an unencrypted laptop holding the details of thousands of people was stolen.

Commenting on the cases, Helen Goldthorpe, an associate solicitor in Irwin Mitchell’s commercial and technology team, said: “Many people believed that the first firms to be fined would be high profile organisations such as banks. However, this has highlighted that all public and private sector businesses are potentially at risk.

“In addition, the fines are for ‘mistakes’ rather than deliberate breaches, which suggests that these may be things that a lot of businesses are at risk of doing if they do not have policies and proceedings to prevent such mistakes or reduce their impact.

“These cases serve as a timely reminder that organisations must have strong security policies in place and regularly assess them to ensure compliance amongst the workforce.”