Call us on 0800 389 9309

Tough Stance by ICO on Data Breaches

Published on 23 January 2013

Recent changes to the EU Directive on Data Protection as well as a tougher stance by the Information Commissioner’s Office on data breaches by organisations such as the NHS are all signs that attitudes are changing and complacency is not justified any longer when it comes to handling confidential waste.

Four local councils have been fined a total of £300,000 for losing personal data. The penalties mean that nineteen local councils have now received monetary penalties for breaching the Data Protection Act, totalling £1,885,000

Information Commissioner Christopher Graham said:

“We are fast approaching two million pounds worth of monetary penalties issued to UK councils for breaching the Data Protection Act, with nineteen councils failing to have the most straightforward of procedures in place

“It would be far too easy to consider these breaches as simple human error. The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence. Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.

“The distress that these incidents would have caused to the people involved is obvious. The penalties we have issued will be of little solace to them, but we do hope it will stop other people having to endure similar distress by sending out a clear message that this type of approach to personal data will not be tolerated.

“There is clearly an underlying problem with data protection in local government and we will be meeting with stakeholders from across the sector to discuss how we can support them in addressing these problems.”

The ICO is pressing the Ministry of Justice for stronger powers to audit local councils’ data protection compliance, if necessary without consent.  The same powers are sought for NHS bodies across the UK following a series of data protection breaches in the health sector.

Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is: 

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection

Other News

At Lombard Recycling we can collect and recycle old computer equipment and destroy the hard drives
[Read More]
Why you should outsource your paper shredding service
[Read More]
Expansion to our onsite shredding fleet of trucks
[Read More]
Now that the festive period is over and we move into a new year, you need to make sure your business appropriately deals with the post-Christmas mess in the most environmentally-friendly ways.
[Read More]
Your business has an impact on the environment. Whether you’re eco-conscious or not, there’s no denying that companies have a major impact on pollution and the quality of the environment. Take a look at our tips for reducing your company’s carbon footprint.
[Read More]
To see our most recent updates please see our Latest News.
For all other news articles please visit our News Archive.

© 2017 Lombard Recycling Ltd, registered in England No. 2757545

ISO 9001:2000 Code of Practice BS7858

European Information Destruction Standards BS EN 15713

Sitemap | Contact us | Legal | Cookie audit | Terms and Conditions | mso

Logos