The Information Commissioner’s Office (ICO) are responsible for administering Data Protection rules in the UK. They regularly fine businesses and organisations who mishandle personal information. Recent examples include an NHS Trust fined £175,000 for accidently uploading details of their staff’s religious beliefs and sexual preferences to a public website. In another case a council was fined £70,000 after documents with information about vulnerable children were stolen from a social worker’s home during a burglary.
The ICO do not just take action after data has been lost or mistakenly published though. They also regularly fine businesses who have not registered with them. A campaign by the Information Commissioner’s in Wales, last year, lead to several estate agents being prosecuted. In March the owner of Newbank Estate and Letting Agents was ordered to pay a £100 fine, £250 towards prosecution costs, and a £15 victims’ surcharge. In December the owner of Merfyn Pugh Estate Agents given a conditional discharge of six months and was ordered to pay £614 towards prosecution costs. In both cases it was pointed out that the maximum fine they could have received was £5000. For many business owner’s the fine, even if it is thousands of pounds, is a lesser issue. Being prosecuted and getting a criminal record is often more traumatic.
One of the most recent cases where the ICO have brought a prosecution was against a bar and restaurant owner in Lancashire who had failed to register his CCTV equipment. He was fined £100 and ordered to pay £250 prosecution costs plus an additional £15 victim surcharge. This highlights the broad range of businesses and organizations who need to register with the ICO. It is not just people like councils and hospitals who handle sensitive data that need to comply. Any business or organization that handles personal information about the public, or who operate CCTV, need to be registered.
The ICO provide a guide as to whether your business needs to register or not which you can download from their website. It is important to remember that you do not just need to register with the ICO. You also need to comply with their rules on data handling. This includes how you store information, who had access to it, how long you keep it for and how you destroy it.
The data protection registration process is quite simple, and so is complying with the rules. It is certainly not worth getting prosecuted for not doing it.
The Company Warehouse can do your data protection registration with the Information Commissioner’s Office for you. As part of the package we will give you guidance on how to comply with the data protection rules.