Data protection issues used to be relatively minor, but there is now a growing tendency for them to be treated as major breaches of the law. This applies to small companies as well as big ones.
The Information Commissioner’s Office (the ICO) has been showing an increased readiness to bring proceedings and issue fines against those who fail to comply with their data protection obligations. In a recent example, the ICO brought criminal proceedings against a company for breaching the Data Protection Act as well as – more interestingly – against its director personally. Both the company and the director were convicted and were ordered to pay £597 each (of which £270 was a fine). The Information Commissioner stated:
“Failure to notify is a criminal offence and it’s the data controllers’ responsibility. Mr Muhith failed to do so and now he is paying the price for his disregard for the law.”
For company directors, failing to comply with data protection laws now presents a major personal risk – not simply in terms of a fine but, more significantly, in the reputational risks and problems that being convicted of a criminal offence brings. All companies that handle, collect, process and/or control data that is deemed to be of a confidential nature need to be aware of the responsibilities and risks involved, as well as the strategies that must be put in place to avoid breaches of the law. Policies must be put in place internally, but policies on their own are not enough: they must be acted upon, maintained and kept up to date with the law.