publicSIRO

Organisations who are reckless with personal data will face fines of up to £500,000 from April this year, it was announced today.

Under new powers approved by Home Secretary Jack Straw, the Information Commissioner will shortly be able to levy  heavy penalties for serious data security breaches.

According to statutory guidance issued today the ICO, fines will be determined by on a case-by-case basis, taking into account factors such as the size and type of the organisation, whether the loss was deliberate or negligent, the potential impact on individuals affected and measures taken to improve security.

Organisations will have 28 days to pay the penalty amount, which will be reduced by 20% if full payment is made in time.

Announcing the new powers, Information Commissioner Christopher Graham warned he would “not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law”.