MPs have passed legislation giving the Information Commissioner the power to impose substantial fines on organisations that deliberately or recklessly commit serious breaches of the Data Protection Act.
The Criminal Justice and Immigration Act received Royal Assent on Monday creating tough new sanctions for the privacy watchdog, the Information Commissioner’s Office (ICO).
Under the legislation, anyone who processes personal information must comply with eight principles which all data processors must be aware of.
The eight principals, which all data processors must be aware of state personal information must be fairly and lawfully processed; be only used for limited purposes; be adequate, relevant and not excessive; and be accurate and up to date.
Data should not be kept for longer than necessary, and must be held securely. Anyone giving their information to be processed must be aware of their rights, and the data should be processed in line with these rights. It should also not be transferred to other countries without adequate protection.
David Smith, deputy Information Commissioner, said: “This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information.
“The prospect of substantial fines for deliberate or reckless breaches of the Data Protection principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously.”
The change in law follows a long campaign by the ICO for more effective sanctions against organisations that fail to live up to their responsibilities under the Data Protection Act.
Under previous legislation the ICO only had powers to issue an enforcement notice against organisations in breach of the Act.
Two weeks ago, the Information Commissioner, Richard Thomas, said NHS chief executives should be personally responsible if their department or trust loses or mishandles personal information.
Smith added: “This new power will enable some of the worst breaches of the Data Protection Act to be punished. By demonstrating that the law is being taken seriously tougher sanctions will help to reassure individuals that data protection matters and give them confidence that organisations have no choice but to handle personal information properly.
“The fact that strengthening the Data Protection Act has cross party support demonstrates the growing consensus on importance of effective data protection.”
Links
NHS chief execs may be accountable for data loss
The Criminal Justice and Immigration Act
© 2008 E-HEALTH-MEDIA LTD. ALL RIGHTS RESERVED.
05 April 2012
EHealthInsider: Latest news from EHI Final death knell for HealthSpace - The NHS own health organiser, HealthSpace, has been confir... http://t.co/Bn0kuOGe
7 hours 11 minutes
ago
EHealthInsider: Latest news from EHI ICO fines second trust but faces appeal http://t.co/7q16DLPV
10 hours 34 minutes
ago
EHealthInsider: Latest news from EHI Fate of NPfIT funds ?complicated? - The new NHS information strategy runs to 100 pages, but say... http://t.co/gtEBOjpl
1 day 52 minutes
ago
EHealthInsider: Latest news from EHI New NHS information strategy unveiled - The new NHS information strategy, published today, urge... http://t.co/SPGD365e
1 day 16 hours 36 minutes
ago
EHealthInsider: NHS information strategy to be published this morning - aims to create digital first health service http://t.co/2kzMgfoB #NHS #healthit
1 day 18 hours 10 minutes
ago
