Lose data and watchdog can make you lose your cash too...
Under new powers that came into force today, organisations that recklessly lose data could be fined up to £500,000.
Thanks to an amendment to the Data Protection Act, the Information Commissioner's Office is now able to impose a fine of up to £500,000 where businesses have seriously breached the Act in a way that is likely to "cause substantial damage or substantial distress".
Examples of scenarios that could incur a fine include an individual becoming a victim of identity fraud after their financial data is lost by a company, or a person suffering anxiety about sensitive personal information leaking out after their medical data is stolen.
Both private and public sector organisations can be subject to a fine if they deliberately or negligently lose data. The ICO is able to scale the penalty depending on the sector, size and financial means of the organisation behind the breach, as well as the severity of the breach itself.
This will be the first time companies suffer more than damage to their brand as a result of a data breach, according to Peter Gooch, part of the privacy team at Deloitte.
"What this means in practice is that...the ICO now has a bigger stick to wield. The ICO will have a wide scope of interpretation when applying its new regime, as the fines can be levied for breaches of principles, rather than against the underlying detailed legal requirements. The first few fines the ICO levies will therefore set the tone going forward.
"While the largest fines may only be dealt out to larger companies for serious breaches of the Data Protection Act, all organisations are now faced with a very real threat of significant financial penalties over and above any existing operational clean up costs and reputational damage should they suffer a breach," he said in a statement.