EMPLOYMENT NEWS: New Penalties for Data Protection Breaches
This was posted on Thursday, February 4th, 2010 at 11:41 am.
The Information Commissioner is to get new powers to impose fines of up to £500,000 for serious breaches of the Data Protection Act 1998, under regulations set to come into force on 6 April 2010. The penalties will be available for serious breaches of any of the Data Protection principles set out in Schedule 1 of the Data Protection Act. Although the most publicised breaches in recent years have been in relation to inadequate data security, the penalties will also be applicable in cases of the misuse of personal data (for example by unauthorised disclosure), unlawful transfer of personal data outside the EEA, or failure to obtain consent to use personal data.
For fines to be imposed, a breach must be serious and likely to cause substantial damage or distress. The data controller must have either acted deliberately, or have known or ought to have known that the breach would happen and that it would cause substantial damage or distress, and the data controller must have failed to take reasonable steps to prevent it.
The Information Commissioner has published guidance on how he will use the new powers, indicating how he will approach the imposition of penalties, including what will constitute a “serious” breach, what factors will be taken into account in determining whether a monetary penalty is appropriate, and how the level of penalty will be decided.
The ability to impose substantial financial penalties on data controllers for breach of the Data Protection principles gives the Information Commissioner real teeth for possibly the first time. If they have not already done so, organisations and individuals should review their activities to ensure that their processing of personal data is in compliance with the data protection principles, to avoid falling foul of the new powers. Hill Hofstetter is experienced in auditing data protection compliance and would welcome the opportunity to assist with such a review where required.
For further details of how the new penalties will work please click to view our latest ‘Data Protection Newsletter’.
If you have any questions or would like additional information on the issues covered in this update please contact Jessica Brickley.
Sort news by practice area
News Archives
Links
Follow Hill Hofstetter on Twitter
Latest News & Events
- Avoiding Risks in the Cloud: Part 3
16th April 2012 - By Hill Hofstetter
In Parts One and Two of this series of articles on cloud computing, we looked at some practical and contractual Read more...
- Training Event: International Business Series: Corporate Manslaughter and Bribery Risks
11th April 2012 - By Hill Hofstetter
Event: International Business Series: Corporate Manslaughter and Bribery Risks Date: Wednesday 23rd May 2012 Time: 9:00am - 11:30am Venue: Hill Hofstetter LLPHill Hofstetter, Read more...
- EL Trigger Judgment Restores Certainty for Businesses
28th March 2012 - By Hill Hofstetter
The Supreme Court has today (28 March 2012) handed down its long awaited judgment in the Employers’ Liability Trigger Litigation Read more...
- Employment News: Contracting Out of the State Second Pension
21st March 2012 - By Hill Hofstetter
Currently, employees may contract out of the State Second Pension, and join instead a contracted out occupational pension or personal/stakeholder Read more...
- New ICC Arbitration Rules – A Step in the Right Direction?
13th March 2012 - By Hill Hofstetter
In September 2011, the ICC Court published a revision of the ICC arbitration rules. Unless the parties agree otherwise, these Read more...