Companies found responsible for serious data losses or for breaching data protection rules face more than a rap over the knuckles from this month.
The government has given the Information Commissioner's Office (ICO) the green light to beef up the penalties for flouting the Data Protection Act, and the maximum penalty for offences is being hiked from £5,000 to £500,000 from April 6.
The Information Commissioner, Sir Christopher Graham, confirms that his office means the swingeing new penalties to act as a deterrent and persuade companies to comply more closely with the Act. "I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law," he says. The ICO's guidance on the new penalties states that companies can expect to incur heavy fines where "the data controller has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress."
The ICO began flexing its muscles earlier this year when it warned that companies that attempted to cover up data breaches would face far tougher treatment than those that came clean when they were at fault.
Last month it fined Zurich Insurance UK for losing the private financial data of 46,000 customers after the company sent an unencrypted backup tape to its sister company in South Africa and the tape went missing. The sister company then compounded the error by letting a year elapse before it reported the loss back to the UK.
So companies will, in future, have to ensure that they tighten up their security when transferring data abroad - especially when, like South Africa, the country suffers a poor reputation for data theft and fraud.
A recent online poll carried out by InfoSecurity Europe found that one in three organisations has no system in place to respond to a potential data security breach, so companies are being urged to review and implement behavioural controls in readiness.
This is one area which largely lies beyond the remit of insurance. A directors' and officers' liability policy would indemnify a company for the costs of contesting a fine from the ICO, but only if that challenge proved successful. A company's best policy is to own up promptly if a breach does occur, as its culpability will largely be judged on the speed and quality of the response.
News brought to you by Lower Premium providing you with a wide range of insurance policies each at a competitive price.
April 16th 2010