+44 207 488 9947
Data Protection – ICO Fine – Small Businesses – Loss or Stolen Data – Data Protection Act 1998 - Breach
The Information Commissioner’s Office (“ICO”) recently issued a fine of £5,000 to a sole trader for failing to have adequate measures in place to keep customers’ details secure. The fine was issued after a hard drive containing the financial details of around 250 customers was lost after being stolen.
The sole trader operated as a loans company and the hard drive contained details such as customers’ names, dates of birth, addresses and identity documents. Although the hard drive was password protected, it was not encrypted.
The ICO Head of Enforcement, Stephen Eckersley restated the ICO’s expectation that information must be encrypted where the loss of the data could lead to those affected suffering damage and distress.
In this instance, the sole trader was fined £5,000 rather than £70,000, which is the penalty that would have been imposed for this incident. Factors contributing to the lower fine include the limited financial resources of the company as well as the fact that the breach was reported voluntarily.
Further details on this can be found at the ICO’s website.
How can we help?
Whether you are a start up or an established business, RT Coopers can assist you in meeting your obligations under the Data Protection Act. We conduct audit on businesses’ operations in order to determine specific weaknesses to be considered by data controllers. Once these are identified, we would advise you on the remedial measures you should put in place.
You may contact us by email [email protected]. Visit http://www.rtcoopers.com/practice_dataprotection.php
© RT COOPERS, 2013. This Briefing Note does not provide a comprehensive or complete statement of the law relating to the issues discussed nor does it constitute legal advice. It is intended only to highlight general issues. Specialist legal advice should always be sought in relation to particular circumstances.