The UK Government has granted new powers to the Information Commissioner’s Office (ICO), which will be able to fine organisations up to a massive £500,000 if they breach the Data Protection Act, put in place to protect sensitive consumer data held with organisations.
The Information Commissioner’s Office was previously restricted to an upper limit of a £5000 fine but has been handed stricter powers in order to curb the incidents of data loses due to negligence, which have been plaguing some Government departments and organisations.
The new powers will allow the IOC to issue compulsory audit notices if a particular Government department is found in breach of the Data Protection Act.
The fine will be decided on the basis of precautions applied by the offending organisation and the situation in which the data breach occurred. The guidelines issued by the IOC reveal that heaviest fines will be imposed on organisations where the data controller "has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress."
The hefty fine is justified by the fact that despite strict data protection measures outlined by the Government, most employers fail to instruct their workers on how to handle sensitive data and inform them about latest updates in data protection laws.