ICO enforces first data breach fines – four steps to avoid them
Yet again, data breaches are in the spotlight. The Information Commissioner’s Office (ICO) issued its first round of data breach fines last week, effectively giving the Data Protection Act (DPA) “teeth.” The ICO showed that its bite lives up to its bark, penalising a local council and an employment services firm to the tune of a combined £160,000.
But future fines are largely avoidable if organisations adhere to security best practice. For a data breach to attract a financial penalty, the ICO must be satisfied that a serious breach is likely to cause “damage or distress”, that it was either “deliberate” or “negligent”, and that the organisation “failed to take reasonable steps to prevent it.”
Information has become the lifeblood of organisations and it must be managed properly. To avoid further data breach fines, organisations need clear guidelines in place to determine how sensitive information is used.
