The UK Information Commissioner has been given new powers to impose hefty fines on:
- those who intentionally or recklessly disclose
information contained in personal data to another
person;
- those who repeatedly and negligently allow information to
be contained in personal data to be disclosed; and on
those
- whose deliberate or reckless actions result in breaches
of the Data Protection Act's eight Principles.
The change in the law, brought about an amendment to the Data Protection Act 1998 (the "Act"), has introduced these 'new' offences under a new section 55A to the Act.
The Deputy Information Commissioner, David Smith, has stated that "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people's personal information. The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously."
The amendment to the Act comes after repeated calls by the Information Commissioner for greater powers to tackle those who show blatant disregard for their obligations under the Act. In light of the increasingly regularity of data breaches it is not inconceivable we will see the Information Commissioner use these new powers in the not too distant future.
Whilst the new penalties may deter private sector businesses, it perhaps does little to deter public sector breach where any penalty is passed on to the taxpayer.
Disclaimer
The material contained in this article is of the nature of general comment only and does not give advice on any particular matter. Recipients should not act on the basis of the information in this e-update without taking appropriate professional advice upon their own particular circumstances.
