ICO Powers

According to the latest post from PL&B, the Criminal Justice and Immigration Act has received the Royal Assent, which would include strengthening the powers of the ICO to impose fines for serious breaches of the DPA 1998 -

Organisations now face substantial fines for deliberately or recklessly committing serious breaches of the Data Protection Act. The Criminal Justice and Immigration Act, which received Royal Assent (the final legislative stage) on 8 May, introduces a civil penalty rather than a criminal penalty, the result of an amendment adopted by the House of Lords last month.

The Information Commissioner can impose fines when organisations ‘knew or ought to have known that there was a risk that the contravention would occur, and that such a contravention would be of a kind likely to cause substantial distress or damage, but failed to take reasonable steps to prevent the contravention..’

Although not what it asked for, ICO welcomes the new penalty.

David Smith, Deputy Information Commissioner said: “This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information. The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously.

“This new power will enable some of the worst breaches of the Data Protection Act to be punished. By demonstrating that the law is being taken seriously tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly.

See also:

• Criminal Justice and Immigration Act

• ICO gets powers to fine for privacy breaches