UK Information Commissioner Christopher Graham has handed out the first fines for breaches of the Data Protection Act, saying they will “send a strong message” to those handling data.
The commissioner was given the ability to fine organisations up to £500,000 for breaching the Act earlier this year. Hertfordshire County Council was fined £100,000 for sending two faxes regarding a child sex abuse case to the wrong recipient. Sheffield-based company A4e was fined £60,000 after a computer containing the unencrypted data of 24,000 people was lost. Both incidents occurred in June.
In these cases, both organisations came forward of their own accord. In some American states such as California, revealing breaches such as this is mandatory. The system in the UK is currently voluntary, although a recent poll published by LogRhythm showed that 80 percent of people wanted more stringent laws regarding data breaches.
Out of the 5000 people surveyed, 31 percent even suggested that company directors should be subject to criminal proceedings. Many have welcomed the commissioner’s step towards protecting sensitive data. The Financial Times referred to Graham as a “privacy watchdog chief with a bite”, and noted that the announcement follows criticism of the ICO’s handling of the Google Street View data collection controversy.
Perhaps the ICO is trying to prove it is a watchdog with teeth.