• UK Information Commissioner Wields First Fines for Violations of Data Protection Act
  • December 22, 2010 | Authors: Daniel P. Cooper; Henriette Tielemans
  • Law Firms: Covington & Burling LLP - London Office ; Covington & Burling LLP - Brussels Office
  • On 24 November 2010, the UK Information Commissioner’s Office (“ICO”) issued its first fines for breach of the Data Protection Act 1998 since its extended enforcement powers came into effect in April. The first penalty of £100,000 was imposed on Hertfordshire County Council after it negligently released sensitive personal information, including information relating to a child sex abuse case, to unintended recipients on two separate occasions. The second fine, of £60,000, was imposed on an employment services company following the theft of an unencrypted laptop that contained sensitive information on thousands of individuals who had used community legal services, including information about alleged criminal conduct. Both organizations self-reported the incidents to the ICO.