29/11/2010

By David White, Managing Director, Weboptimiser

The commissioner said the fines - the first he has issued - would "send a strong message" to those handling data.

Commissioner Christopher Graham was granted the authority to serve financial penalties for data protection breaches in April of this year.

He said "It is difficult to imagine information more sensitive than that relating to a child sex abuse case. I am concerned at this breach - not least because the local authority allowed it to happen twice within two weeks."

Hertfordshire County Council faxed details of a child sex abuse case to a member of the public is to be fined £100,000 for breaching the Data Protection Act. A spokesman for Hertfordshire County Council said it accepted the commissioner's findings. "We are sorry that these mistakes happened and have put processes in place to try and prevent any recurrence," he added.

Sheffield-based A4e was fined £60,000 for losing an unencrypted laptop with the details of about 24,000 people. The A4e data breach issued an unencrypted laptop to an employee to work at home. The computer contained personal information relating to 24,000 people who had used community legal advice centres in Hull and Leicester.

It was later stolen from the employee's house and an unsuccessful attempt to access the data was made shortly afterwards.

Personal details recorded on the system included names, dates of birth, postcodes, employment information, information about alleged criminal activity and whether an individual had been a victim of violence.

The commissioner ruled that A4e did not take reasonable steps to avoid the loss of the data but said the incident was "less shocking" than the council's security breaches.

Nevertheless, he said it "also warranted nothing less than a monetary penalty as thousands of people's privacy was potentially compromised by the company's failure to take the simple step of encrypting the data".

Meanwhile, a poll of 5000 people conducted by Onepoll has found that four out of five people want to see the introduction of a law which would force companies to publicly declare any data breaches.

Such legislation already exists in the United States but in the UK, disclosure is currently voluntary.


Watch a video of David White talking about the first data protection act fines issued by commissioner.

If you would like to get the latest on how to combine Search, Social Media and Video to get a 40% boost to your next film, event or album launch, call us in the UK on +44 207 953 8304, we would love to discuss how we can help you and talk you through a number of our best and most recent case studies.