Thursday, 30 September 2010

Privacy - UK regulator to issue fines for data protection breaches, at last

UK privacy regulator the Information Commissioner's Office is poised to impose, for the first time, monetary penalties of up to £500,000 on two organisations for serious data protection violations.

So said Deputy Information Commissioner David Smith yesterday at the Internet Society's INET London meeting (entitled "The Internet revolution: Opportunities, threats and challenges to your business - ignore it at your peril!"):

"We will be using that power, we're just in the process of doing that in the first two cases, and you'll see more of that."

(Note - since April 2010 the Information Commissioner has had a new power to impose financial penalties for serious breaches of the Data Protection Act 1998 (introduced under a new section 55C(1) of that Act, inserted by section 144 of the Criminal Justice and Immigration Act 2008), but hitherto hasn't made use of the new power, though it's issued guidance about its use.)

This is excellent news.

To expand further on the quote from Commissioner Reding previously mentioned, that "Having a watchdog with insufficient powers is like keeping your guard dog tied up in the basement", Jim Killock of the Open Rights Group had suggested over lunch that the ICO had been muzzled, but was trying carefully to get its owner to lengthen its chain in such a way that it didn't get kicked back into the basement without any food! (I have permission to quote him, though I've paraphrased a bit.)

It looks like the ICO has managed to throw off its muzzle at last, and we await with interest hearing the names of who it's going to bite, and just how hard.

Law firm ACS:Law, perhaps? (On which see e.g. Technollama's blogs.)

©WH. This work is licensed under a Creative Commons Attribution Non-Commercial Share-Alike England 2.0 Licence. Please attribute to WH, Tech and Law, and link to the original blog post page. Moral rights asserted.