ICO given power to fine £500,000 for data breach incidents

2010-01-13

Firms in the UK that suffer a data breach may be ordered to pay up to £500,000 when new powers are handed to the Information Commissioner's Office (ICO) later this year.

Those that experience serious breaches of the Data Protection Act will be punished with monetary penalties.

When cases emerge, the ICO will carefully explore how serious the data breach was as well as how likely it is individuals will experience significant damage and distress as a result of an intrusion.

The organisation will also look into whether or not the breach was deliberate or negligent and if reasonable measures have been taken to prevent such occurrences.

"When things go wrong, a security breach can cause real harm and great distress to thousands of people. These penalties are designed to act as a deterrent," said information commissioner Christopher Graham.

Last month, the ICO found Shropshire Council in breach of the Data Protection Act after an unencrypted memory stick, with details of adult social care clients and members of staff, went missing.

Read more security news.