Under a recent amendment to the Data Protection Act (DPA), the Information Commissioner’s Office will have the authority to levy fines of up to £500,000 on organisations and individuals found guilty of serious data security breaches.
The law, which will come into effect from April 2010, has been approved by the Secretary of State for Justice, Jack Straw, and according to Information Commissioner Christopher Graham, it will force companies to comply with the DPA more effectively.
In an official press release, he said: "These penalties are designed to act as a deterrent. But I will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law."
Until now, the Data Protection Act, which was earlier amended in 1998, allowed the Information Commissioner's Office only to serve notices asking businesses in breach of the DPA to commit to a set of rules, or to take them to a court of law.
The much-warranted amendment to the DPA follows a series of high-profile data security breaches at several private and government organisations, including the Ministry of Defence, the DVLA (Driver and Vehicle Licensing Agency) and the NHS.
Whether this will actually "prevent" companies from losing data remains to be seen. Furthermore, we'd like to know whether the fines will also apply to quangos and other government entities like the NHS, which have been major sources of data leaks in the past.
(Computer World UK)