This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

ICO nears £2 million in issued monetary penalties

Share this article:
Two county councils fined by ICO over 'serious email errors'
Two county councils fined by ICO over 'serious email errors'

As the Information Commissioner's Office (ICO) nears £2 million in issued monetary penalties, its head has admitted that there ‘is an underlying problem with data protection in local government'.

Reflecting on 2012 and two and a half years since it was given the power to issue monetary penalties, information commissioner Christopher Graham said that nineteen councils failing to have the most straightforward of procedures in place shows that ‘there is an underlying problem with data protection in local government'.

He said: “It would be far too easy to consider these breaches as simple human error. The reality is that they are caused by councils treating sensitive personal data in the same routine way they would deal with more general correspondence.

“Far too often in these cases, the councils do not appear to have acknowledged that the data they are handling is about real people, and often the more vulnerable members of society.

“The distress that these incidents would have caused to the people involved is obvious. The penalties we have issued will be of little solace to them, but we do hope it will stop other people having to endure similar distress by sending out a clear message that this type of approach to personal data will not be tolerated.”

Graham said that it will be meeting with stakeholders from across the sector to discuss how the ICO can support them in addressing those problems.

Speaking to SC Magazine earlier this year, Graham said that one problem with local authorities, councils and government is that staff are dealing with personal information which is often sensitive; and that staff have to be made aware that they are dealing with people and not just numbers.

At the SC Magazine Total Security Conference in the summer, the ICO's principal policy adviser (technology) Dr Simon Rice, said that the 19 monetary penalties issued to businesses was ‘19 too many' and issuing finest was ‘not something that the office enjoys doing and it does not represent everything that we do'.

Also at the Gartner Security and Risk Management Summit, David Smith, deputy commissioner and director for data protection at the ICO, said that it was pressing for ‘power of custodial sentence', primarily for sentences that were 'punishing for not doing things properly'.

Asked if there was a timeline for custodial sentences to be introduced, Smith said there was not but said it was something the ICO had been pressing for a long time. “The government have resisted for several reasons, such as they do not believe in creating more and more crimes that can carry prison sentences, also Leveson is looking at this following the actions of journalists, so let's wait for his report,” he said.

The ICO also said that it is pressing the Ministry of Justice for stronger powers to audit local councils' data protection compliance, if necessary without consent. The same powers are sought for NHS bodies across the UK following a series of data protection breaches in the health sector.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...