Companies could face fines of £500,000 for losing data

MANCHESTER law firm Pannone is advising companies across the North West to urgently review their data protection compliance procedures or face possible fines of up to £500,000.

The Ministry of Justice recently announced a consultation that sets out new powers proposing fines of up £500,000 for serious and reckless breaches of the Data Protection Act which cause substantial damage or distress.

The consultation followed a number of high profile breaches of the Data Protection Act 1998 – including the loss of 25m child benefit records – where unencrypted laptops, data sticks or blackberries containing personal data had been mislaid.

Until now the maximum fine that the Information Commissioner’s Office (ICO) can impose is £5,000 but this will rise to £500,000 from April unless changes are made as a result of the consultation.

Samantha Livesey, head of IP, IT and E-Commerce at Pannone, said: “Companies could be vulnerable if they fail to implement a proper data protection policy and monitor its compliance by their staff. 

“Those companies collecting, storing and using data concerning individuals must ensure this data is properly protected and not at risk of misuse or loss.  Security breaches, particularly those involving the loss or unauthorised disclosure of unencrypted personal data on mobile devices such as USB sticks and laptops, are likely to attract hefty fines under the ICO’s new powers.

“With this in mind, companies should be reviewing their data protection compliance procedures as a matter of priority to reduce their risk of exposure to the prospective new penalties.”