First substantial fines issued under the Data Protection Act

The Information Commissioner's Office has served two organisations with the first monetary penalties for serious breaches of the Data Protection Act.

Hertfordshire County Council has been fined £100,000 for two serious data protection breaches involving council employees in the childcare litigation department. The employees sent two faxes containing highly sensitive personal information - one relating to child sexual abuse and the other to care proceedings - to the wrong recipients.

Employment services company A4e has also been fined £60,000 for the loss of an unencrypted laptop which contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester.

Head of the Commercial team at Stevens & Bolton LLP, Beverley Whittaker, commented: “Finally we are seeing some real action that should act as a deterrent against sloppy security by those organisations handling large amounts of data. Its disappointing how many of these serious errors still seem to happening and it remains to be seen whether the new penalty regime will have an impact."

Contact our experts for further advice

Beverley Flynn

Search our site