Tuesday, December 22, 2009

Data Protection Act offences: new powers for the ICO

By PAULA BARRETT

A new power to issue fines against offenders, first approved by Parliament in 2008, will soon come into force. The latest from the Information Commissioner’s Office is that this will be from April 2010.


The Ministry of Justice is the Government department responsible for the changes and, as many of you will know, it shall have final determination over the exact timescale.

From the commencement date, the ICO will be able to issue what are expected to be “substantial” fines against data controllers (ie businesses and organisations using personal information from their employees, customers or other individuals on their own behalf) without prior warning, for deliberate or reckless breaches of the Data Protection Act (DPA).

The Ministry of Justice published a consultation paper on 9 November proposing that the maximum civil monetary penalty which can be imposed for serious breaches of the data protection principles should be £500,000.

Other details, such as whether the ICO will be allowed to fine individuals (for example directors) as well as the organisations themselves are still to be confirmed.

- Increase in potential monetary penalties: welcomed by many

- Overlap between the ICO and the FSA

- Enhanced sanctions approved by Parliament

- Serving a notice of intent

Read more on the above issue(s) at info4SECURITY.com

No comments:

Post a Comment