Government launches consultation on new powers for ICO to issue a maximum £500,000 fine for data protection breaches…

The Government has launched a consultation which would provide the Information Commissioner’s Office – the UK’s data protection regulator – with powers to fine organisations up to a maximum of £500,000 for serious breaches of data protection principles. The aim of the Ministry of Justice is to provide the ICO will the ability to impose robust penalties on those who commit such breaches. The consultation asks whether the proposed maximum fine of £500,000 would provide the ICO with a proportionate sanction. New powers for the ICO to issue civil monetary penalties were created by the Criminal Justice and Immigration Act 2008 and are expected to come into force next April. The powers will permit fines to be levied by the ICO where:

• A data controller has breached of one of the eight data protection principles;
• The breach was deliberate or the data controller knew, or ought to have known, of the contravention risk;
• The contravention would be likely to cause substantial damage or substantial distress; and
• The data controller failed to take action to stop it.

The consultation closes on 21 December 2009.