Original URL: http://www.theregister.co.uk/2008/05/09/information_data_fines/

Regulator gets power to fine for data breaches

Who will be first to pony up?

By John Oates

Posted in Government, 9th May 2008 15:30 GMT

The Information Commissioner's Office now has the power to fine organisations which deliberately or recklessly commit serious breaches of the Data Protection Act.

The Criminal Justice and Immigration Act got Royal Assent today. Sadly the law is not retroactive, so the long list of government departments which have lost or endangered our data in recent months will not be fined.

David Smith, deputy information commissioner, said: "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information. The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously."

The ICO has repeatedly asked for stronger powers to investigate and fine companies which are failing to take data protection seriously.

Smith said such tougher sanctions would help reassure the public that their data was safe. The ICO at one point suggested prison sentences for those responsible for the most serious breaches. ®