Stephens Scown Solicitors - data protection legislation, commercial corporate law, solicitors, st austell, truro, exeter, devon, cornwall

back

Warning for local firms about massive data protection fines

data protection legislation, commercial corporate law, solicitors, st austell, truro, exeter, devon, cornwall

CONTACT US

Exeter Office

Tel: 01392 210700 Email us

Truro Office

Tel: 01872 265100 Email us

Companies across the South West are being warned they could face fines of up to £500,000 for serious breaches of the Data Protection Act 1998 when new laws are introduced later this year.

New powers and serious fines, expected to come into force on 6 April 2010, will mean local businesses could be penalised financially by the Information Commissioner's Office (ICO) to the tune of up to half a million pounds.

Tony Welford, partner in the Truro Office, believes employers in the South West will need to carry out a root and branch review of the ways in which their data is stored and used.

He says: "This is a really significant development in legislation which will impact upon all companies across the region, whatever their size. Small businesses will also be affected and now is the time for them to start planning ahead and thinking about the ways in which they store and use their data.

"Poor computer security systems generally, the loss of a laptop with unencrypted information or sending a mass email with the wrong attachment are all good examples of serious breaches of data protection. It could happen to any private or public sector business in the South West."

The corporate law team leader adds: "It is a good idea to check your systems and procedures and make sure that the security levels around your data protection and storage are appropriate to your business. I would encourage people in charge of data to review their practices if they want to avoid the maximum fines that could be imposed. It sends a strong message that breaches of the DPA will be treated far more seriously in the future."

The change in the law stems from the significant losses of personal data since 2007 including the high-profile HM Revenue and Customs' security breach, resulting in the loss of 25 million confidential records relating to child benefit claims.

The Data Protection Act 1998 (DPA) imposes broad obligations on those businesses, professionals and government departments established in the UK who are responsible for processing 'personal data' (data controllers), as well as conferring broad rights on individuals about whom data is collected (data subjects). The Information Commissioner is responsible for enforcing the regime under the DPA.

Tony Welford leads the Corporate Team at Stephens Scown in Cornwall and has extensive experience in the minerals, brewing, leisure, foods, manufacturing and chemicals sectors. For more information call 01872 265100.