Data Protection – New powers for the ICO come into force next month
New powers coming into force on the 6th April will mean that serious personal data security breaches could lead to fines of up to £500,000.
Under the new rules, fines will be imposed by the Information Commissioner’s Office (ICO) where the breach is deliberate or negligent and likely to cause substantial damage or distress to individuals.
Examples of incidents that could give rise to fines include failing to take adequate security measures, such as encrypting data. The ICO says that any organisation that does not encrypt materials stored on portable devices or does not know how many laptops it loses may have a hard time explaining itself. If a breach occurs, any penalty imposed will take into account the company’s financial resources; its industry sector; whether the factors were outside the company’s control; and the kind of preventative measures the company took.
The guidance also notes that substantial damage could occur when inaccurate data is disclosed in a work reference that results in the loss of a job offer. Employers should ensure that appropriate security measures are in place to prevent harm caused by unauthorised or unlawful processing of personal data or accidental loss, destruction or damage of the data. They should also consider appointing a data protection champion to ensure compliance.
Posted on 19 Nov 2016