Tough new laws on data breaches

  • 13 May 2008

MPs have passed legislation giving the Information Commissioner the power to impose substantial fines on organisations that deliberately or recklessly commit serious breaches of the Data Protection Act.

The Criminal Justice and Immigration Act received Royal Assent on Monday, creating tough new sanctions for the privacy watchdog, the Information Commissioner’s Office (ICO).

Under the legislation, anyone who processes personal information must comply with eight principles.

The eight principles, which all data processors must be aware of, state that personal information must be fairly and lawfully processed; be used only for limited purposes; be adequate, relevant and not excessive; and be accurate and up to date.

Data should not be kept for longer than necessary, and must be held securely. Anyone giving their information to be processed must be aware of their rights, and the data should be processed in line with these rights. It should also not be transferred to other countries without adequate protection.

David Smith, deputy Information Commissioner, said: “This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information.

“The prospect of substantial fines for deliberate or reckless breaches of the Data Protection principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously.”

The change in law follows a long campaign by the ICO for more effective sanctions against organisations that fail to live up to their responsibilities under the Data Protection Act.

Under previous legislation, the ICO only had powers to issue an enforcement notice against organisations in breach of the Act.

Two weeks ago, the Information Commissioner, Richard Thomas, said NHS chief executives should be personally responsible if their department or trust loses or mishandles personal information.

Smith added: “This new power will enable some of the worst breaches of the Data Protection Act to be punished. By demonstrating that the law is being taken seriously, tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly.

“The fact that strengthening the Data Protection Act has cross-party support demonstrates the growing consensus on the importance of effective data protection.”
