In a stark warning, Higgs & Sons is advising businesses across the region that failure to comply with the Data Protection Act could land company bosses with fines or even imprisonment.
Kate Legg, a solicitor with Higgs & Sons, believes that many directors still don’t know the law, or even choose to ignore it, when it comes to handling data within their businesses.
She says: “The Information Commissioner maintains a public register identifying organisations that process personal data and the ways in which that data is used. Notification is the process by which businesses submit their details for inclusion on the register. Notification is a requirement under the Data Protection Act and failure to notify if required to do so is a criminal offence and could result in a fine or even imprisonment.”
The Information Commissioner's annual report for 2008/2009 reveals that over 85 per cent of the prosecutions that the Information Commissioner brought between April 2008 and March 2009 were related to failure to notify, or incorrect notifications.
Changes to the notification regime are due to be implemented on 1st October 2009 and businesses are urged to check that their registrations are up to date before then.
Kate explains: "As of 1st October, a two-tier fee structure will be introduced. Businesses with a turnover of more than £25.9 million and more than 250 employees will face the higher notification fee of £500. The fee remains at £35 for all other businesses.”
Breaches of information security continue with alarming frequency. Already this month, the Information Commissioner reported two incidents regarding data security.
One such case involved Sandwell MBC, which was recently investigated after a memory stick containing details of children in its care was lost.
This follows another incident earlier this month, in which a laptop was stolen from Wigan Council. The laptop contained details of around 43,000 children and young people. The information had been downloaded to the laptop by an employee in breach of the council's security policy. Neither the information on the Sandwell memory stick nor Wigan laptop had been encrypted.
Kate concluded: “These cases illustrate the need for continued vigilance and to guard against complacency in handling information. All businesses should have policies in place regarding the handling of personal information and staff must be both trained upon them and continually updated and reminded of the importance of these procedures.”
For more information about Higgs & Sons’ commercial department and assistance with the Data Protection Act, please contact Kate on 01384 342100.