Tuesday 18 January 2011

Data Protection Fines

The Information Commissioner's Office (ICO) has issued the first fines for breaches of data protection. Potential fines were increased from £500 to £500,000 in April 2010 following a review of the system.

A fine of £100,000 must be paid by Hertfordshire County Council after it disclosed that two serious breaches occurred within two weeks of each other. The breaches involved faxes being accidentally sent to the wrong address. The information, which contained details of children, criminal convictions, domestic violence records and child abuse cases, was sent to a member of the public and a barristers' office (not involved in any of the cases).

A fine of £60,000 was also issued to a business called A4e, after a laptop containing the details of several thousand people who had used community legal centres was lost. The laptop was issued to an employee who was working at home, but it was later stolen.

These penalties are the first to be issued by the Information Commissioner, and they do send a clear message to those handling data that they must take all possible steps to prevent the disclosure of sensitive information.

Businesses are advised to have clear and up-to-date Data Protection Policies, and possibly seek advice from their IT provider. The above cases highlight the importance of having good policies in place which prevent accidental leaks of information. In particular, they serve as a reminder that where employees work from home, any IT equipment they are provided with must contain the minimum amount of data that will allow them to do their job.

An increase in the use of BlackBerrys, iPhones, memory sticks and laptops clearly exposes businesses to the risk of a fine, since these devices often contain information relating to clients and their contact details. Unfortunately, these are also easy to lose, leave in other people's houses, and they can often be left in cars or even on buses. Therefore it's sensible to ensure that they do not contain particularly sensitive information or large quantities of data.

When information is shared between organisations, perhaps via email or fax, it's absolutely essential to ensure it doesn't fall into the wrong hands. Sensitive documents should be marked as private and confidential, and checks should be in place to ensure they arrive at their intended destination.
