25 November 2010

Small fines for a big problem

With identity theft the UK's fastest growing crime, the ICO needs to take a firmer stand against dat

By Jason Stamper

The Information Commissioner has handed out its first fines to organisations for data breaches, fining Hertfordshire County Council £100,000 and Sheffield-based employment services company A4e £60,000.

The Information Commissioner's Office came under fire recently for seemingly failing to quickly establish that Google had breached privacy rules in the Street View car wireless ‘snooping’ fiasco, and when it did, doing little about it.

When the ICO finally decided that Google had conducted a “significant breach” of the Data Protection Act, it failed to levy a fine, saying that the breach of privacy had happened before its new powers to impose hefty fines came in, in April. And besides, Google had promised not to do it again.

But this week the ICO finally showed at least a little muscle, fining Hertfordshire County Council £100,000 for sending two faxes containing the confidential details of a child abuse case: one went to a member of the public, another to a legal firm not involved in the case.

The ICO also fined employment services company A4e £60,000 for a laptop which was stolen, containing the unencrypted details of over 20,000 people.

But anyone hoping that the ICO was going to come down hard on such breaches will be dismayed. Since the ICO now has the power to levy fines of up to £500,000, £60,000 seems relatively small beer for the loss of a sensitive laptop.

When the Nationwide admitted to the loss of an unencrypted laptop in November 2006, the Financial Services Authority (FSA) punished it with a fine of £980,000. That despite the Nationwide insisting that the data could not have been used for identity fraud because there were no PIN numbers, passwords or account balances on it.

But the Information Commissioner Christopher Graham said the fines he’s imposed on Hertfordshire County Council and A4e will send a “strong message” to any firm handling personal or sensitive data in the UK.

Either way, none of this will stop privacy campaigners arguing that it should be a legal requirement for organisations to disclose data breaches to the Information Commissioner. It’s currently voluntary except for Whitehall departments and some NHS organisations, though the ICO has warned organisations they face stricter penalties if it finds out about breaches that are not disclosed.

The ICO said it had been alerted to 1,000 data breaches by May this year, but how many more go unreported? Figures for 2009 showed that identity theft was the UK’s fastest growing crime. Go figure.

Jason Stamper is NS technology correspondent and editor of Computer Business Review.
