Monday 2 September 2013

ICO fines against UK public authorities top £4m for shoddy data handling

Public-sector authorities have now paid over £4m in fines for breaches of the Data Protection Act.
The Information Commissioner's Office (ICO) confirmed the figure exclusively to V3, and it represents a notable milestone since the data watchdog was given the ability to levy fines in April 2011.
"We have now issued penalties totalling over £4m against organisations in the public sector that have failed to look after the information of the people they serve," the ICO said.
The figure is double the £2m total the ICO last disclosed, suggesting that data handling at councils, NHS Trusts and police forces is getting worse, not better.
Recent examples include a £100,000 penalty against Aberdeen City Council after sensitive data on vulnerable children was posted online, and a £70,000 penalty against Islington Council for publishing residents' data online in an Excel spreadsheet.
All fines paid to the ICO go into the government's consolidated fund, which is pooled back into the wider public purse and so remains available for public spending. The money still comes out of the budget of the organisation that was fined, however, so the local council or NHS Trust concerned may deliver a reduced service.
The ICO added that the fact fines have now passed the £4m mark should serve as a wake-up call to organisations holding sensitive data that data protection should be a top priority.

"The public sector, particularly organisations working within health and local government, is regularly processing some of the most sensitive personal information, ranging from a person's health record to details of vulnerable children," it said.

"This is why these organisations must make sure they are keeping this information secure and we have produced guidance and continue to offer support to help them achieve this."
In contrast to the public sector, the ICO has issued fines of just £526,000 against private-sector firms. This is not an entirely fair comparison, though, as public-sector organisations are obliged to report all breaches, while private-sector firms are not.
The most notable of these fines is the £250,000 levied against Sony for the 2011 hack of its PlayStation Network. The firm had originally disputed the fine but recently agreed to pay, having been concerned that the appeal process would require it to reveal data it would rather not make public.
Separately, the ICO revealed that it has now issued fines totalling £800,000 under the Privacy and Electronic Communications Regulations (PECR). These cover, among other things, marketing by text, email and telephone, and several notable fines have been handed out in this area.
