Please sign in with your existing account details.
Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.
Privacy statement - Terms and conditions
Forgotten your password?
You have exceeded the maximum number of login attempts for this email address and your account has been locked. An email has been sent to member of Browne Jacobson's web team and some one will be contacting you over the next two working days with details of how to change your password.
Are you sure you want to remove this item from you pinned content?
From April this year the Information Commissioner (IC) was given new powers to serve monetary penalty notices (up to a maximum of £500,000) on data controllers for breach of the data protection principles.
Last week saw the IC exercising its new power for the first time – twice in fact, in the same week. The first (for £100,000) was issued to Hertfordshire County Council for faxing highly sensitive personal information in relation to child sex abuse cases to the wrong recipients. The second (for £60,000) was issued to employment services company A4e for the loss of an encrypted laptop containing sensitive information concerning 24,000 people.
Clearly these two cases suggest that the IC is prepared to use its power against both private and public sector organisations. The maximum of £500,000 has not been reached (even for a disclosure of very sensitive data in respect of child abuse) but I suspect it will not be long before we see a penalty up to the maximum limit.
Last month, the Information Commissioner’s Office (ICO) announced notice of its intention to fine (NOI) Marriott International, Inc. £99m for infringements of the GDPR.
View blog
The Hiscox Cyber Readiness report, a review of 3300 organisations, will be a stark warning for CEO’s of SME’s in the UK and in Europe.
In Rogerson v Bolsover District Council (2019) the Court of Appeal found against a local authority landlord pursuant to the Defective Premises Act 1972 following a finding of an inadequate inspection regime.
On 23 January 2019, the European Commission and the Personal Information Commission of Japan, concluded a two-year-long dialogue and the adoption of the decisions recognising each other’s personal data protection systems as ‘equivalent’.
Select which mailings you would like to receive from us.
Sign up