0370 270 6000

already registered?

Please sign in with your existing account details.

need to register?

Register to access exclusive content, sign up to receive our updates and personalise your experience on brownejacobson.com.

Privacy statement - Terms and conditions

information Commissioner fines public and private sector alike

1 December 2010

From April this year the Information Commissioner (IC) was given new powers to serve monetary penalty notices (up to a maximum of £500,000) on data controllers for breach of the data protection principles.

Last week saw the IC exercising its new power for the first time – twice in fact, in the same week. The first (for £100,000) was issued to Hertfordshire County Council for faxing highly sensitive personal information in relation to child sex abuse cases to the wrong recipients. The second (for £60,000) was issued to employment services company A4e for the loss of an encrypted laptop containing sensitive information concerning 24,000 people.

Clearly these two cases suggest that the IC is prepared to use its power against both private and public sector organisations. The maximum of £500,000 has not been reached (even for a disclosure of very sensitive data in respect of child abuse) but I suspect it will not be long before we see a penalty up to the maximum limit.

related opinions

Marriott International: a look behind the ICO’s £99m fine and what this means for corporate acquisitions

Last month, the Information Commissioner’s Office (ICO) announced notice of its intention to fine (NOI) Marriott International, Inc. £99m for infringements of the GDPR.

View blog

Cyber risks – are businesses really ready?

The Hiscox Cyber Readiness report, a review of 3300 organisations, will be a stark warning for CEO’s of SME’s in the UK and in Europe.

View blog

Landlord and tenant inspections - getting the evidence right

In Rogerson v Bolsover District Council (2019) the Court of Appeal found against a local authority landlord pursuant to the Defective Premises Act 1972 following a finding of an inadequate inspection regime.

View blog

As Japan becomes 'adequate' for data protection laws...will the UK soon become 'inadequate'?

On 23 January 2019, the European Commission and the Personal Information Commission of Japan, concluded a two-year-long dialogue and the adoption of the decisions recognising each other’s personal data protection systems as ‘equivalent’.

View blog

mailing list sign up



Select which mailings you would like to receive from us.

Sign up