Companies across Cornwall are being warned they could face fines of up to £500k for serious breaches of the Data Protection Act 1998 when new laws are introduced later this year.
New powers and serious fines, expected to come into force on April 6, will mean local businesses could be penalised financially by the Information Commissioner’s Office (ICO) to the tune of up to half a million pounds.
Tony Welford, partner with regional legal firm Stephens Scown which has offices in Truro and St Austell, believes employers in Cornwall will need to carry out a root and branch review of the ways in which their data is stored and used.
He said: “This is a really significant development in legislation which will impact upon all companies across the region, whatever their size. Small businesses will also be affected and now is the time for them to start planning ahead and thinking about the ways in which they store and use their data.
“Poor computer security systems generally, the loss of a laptop with unencrypted information or sending a mass email with the wrong attachment are all good examples of serious breaches of data protection. It could happen to any private or public sector business in Cornwall.”
The corporate law team leader added: “It is a good idea to check your systems and procedures and make sure that the security levels around your data protection and storage are appropriate to your business. I would encourage people in charge of data to review their practices if they want to avoid the maximum fines that could be imposed.”
The change in the law stems from the significant losses of personal data since 2007 including the high-profile HM Revenue and Customs’ security breach, resulting in the loss of 25 million confidential records relating to child benefit claims.
