Practices risk hefty fine for data breaches

19 April 2010

GPs and practices face hefty fines under new powers to curb personal data security breaches.

A maximum fine of £500,000 can now be levied against organisations guilty of serious breaches of the Data Protection Act.

The government has granted the Information Commissioner’s Office (ICO) new powers, which came into effect this month. The ICO can now hand down fines, known as civil monetary penalties, in cases where data has been lost either deliberately or negligently and the breach is likely to cause damage or distress to the person involved.

Before the change in law, practices faced only limited sanctions from the ICO for data security breaches such as an enforcement notice or, in some serious cases, criminal prosecution.

Information Commissioner, Christopher Graham, said: “A security breach can cause real harm and great distress to thousands of people. These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act.”

The NHS has been at the centre of a number of high-profile data breaches in recent years, including the theft of a laptop containing thousands of confidential patient records from an unlocked car in 2009 and the loss of data keys holding confidential information. Practices are urged to review their data protection policies to ensure they comply with the Data Protection Act.

All Content and Images are the Copyright property of The Mid Mersey Local Medical Committee. © 2014 - 2021. All Rights Reserved.