Wednesday, December 1, 2010

Fines Imposed by UK’s Information Commissioner’s Office

Two organizations, Action for Employment Ltd. (A4e) and Hertfordshire County Council, were recently fined by the UK’s Information Commissioner’s Office (ICO) for data breaches that occurred in June. Information Commissioner Christopher Graham said "these first monetary penalties send a strong message to all organizations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half a million pounds."

A4e was fined £60,000 for the theft of an unencrypted laptop. The laptop was owned by A4e and stolen from an employee’s home. It contained personal records of approximately 24,000 employees. Although A4e had a policy stating that all data temporarily stored on a laptop computer should be encrypted, the stolen laptop was not encrypted because it was not part of a recent encryption rollout.

Hertfordshire County Council was fined £100,000 after confidential documents were faxed to the wrong recipients on two separate occasions. The ICO believed that the council should have taken stronger action after the first accidental fax, but it failed to do so.

Does your organization have policies and procedures in place to protect your data in the event of a theft? Are you able to prevent accidentally faxing a confidential document? Contact Attevo about a risk assessment.

