Fines for data protection breaches: how serious does the breach need to be?
In overturning a fine imposed by the Information Commissioner against the Scottish Borders Council, the UK’s First-tier Tribunal (Information Rights) ruled that the breach in question was insufficiently serious to warrant a financial penalty. This begs the question: how serious does a breach need to be before a fine will be imposed?
The council had hired a third-party supplier to scan hard copies of pension files containing personal data onto CDs. The supplier disposed of approximately 1,600 of the files into recycling bins at a supermarket, where they were discovered by a member of the public. The files were taken into police custody. No actual harm was found to have been suffered.
The power of the Information Commissioner to award a monetary fine of up to £500,000 for data protection breaches is discretionary. However, before a monetary penalty can be assessed, the breach must either be deliberate or something that a controller either knew or ought to have known would result in substantial damage or distress and then failed to prevent…
If you are registered and logged in to the site, click on the link below to read the rest of the Walker Morris briefing. If not, please register or sign in with your details below.
Sign in or Register to continue reading this article
It's quick, easy and free!
It takes just 5 minutes to register. Answer a few simple questions and once completed you’ll have instant access.Register now
Why register to The Lawyer
In-depth, expert analysis into the stories behind the headlines from our leading team of journalists.
Identify the major players and business opportunities within a particular region through our series of free, special reports.
Receive your pick of The Lawyer's daily and weekly email newsletters, tailored by practice area, region and job function.
More relevant to you
To continue providing the best analysis, insight and news across the legal market we are collecting some information about who you are, what you do and where you work to improve The Lawyer and make it more relevant to you.
News from Walker Morris
News from The Lawyer
Briefings from Walker Morris
How can companies respond?
Justin Coley shares his observations arising from the amended forms N120 (Particulars of Claim for mortgaged residential premises) and N123 (Mortgage pre-action protocol checklist).
Analysis from The Lawyer
Which firms are cutting it in this era of slimline rosters, and who are the GC new brooms making clean sweeps? The Lawyer can reveal all
The law school war shows no signs of ending. But we have, perhaps, reached the end of the beginning.