The Information Commissioner's Office will be able to issue fines of up to £500,000 for serious data security breaches. The new rule is expected to come into force in the UK on 6 April 2010. It has been approved by Jack Straw MP, Secretary of State for Justice. The size of the fine will be determined after an investigation to assess the gravity of the breach.
Other factors will include the size and finances of the organization at fault. Individual cases will also be assessed on whether the breach was accidental or deliberate, and how much distress the leak of information caused. There have been several high profile data losses in recent years from large organizations including the Ministry of Defense and the DVLA (Driver and Vehicle Licensing Agency).
In an official press statement, Information Commissioner, Christopher Graham said he hoped the penalty would encourage companies to comply more closely with the Data Protection Act. These penalties are designed to act as a deterrent, he said in a press statement.
No comments:
Post a Comment