Are You Protected Against The Data Protection Act?

Data protection continues to make the headlines. Nowadays it is hardly possible to read the newspaper or to listen to the news to find an organisation breaching its data protection obligations and under investigation by the Information Commissioner’s Office.

But new powers given to the ICO last year mean tougher penalties for businesses breaching the laws on data protection.

Whilst the Data Protection Act has existed in some shape or form since 1984 it is amazing how many organisations processing personal data or sensitive personal data still fail in their legal duties. The complexity of the legislation and perceived lack of severe consequences of enforcement proceedings are partly the problem. but things are changing drastically.

Members of the public are now more aware of the importance of protecting their personal details and the number of breaches of the Act referred to the Office of the Information Commissioner has increased..

As a result of these developments the Office of the Information Commission has increased its staff to deal with the complaints and is taking a pro active approach with organisations breaching the Act, particularly when companies process sensitive personal data.

These breaches face tougher penalties since the Criminal Justice and Immigration Act, came into effect at the end of last year. Substantial fines can be imposed on organisations that deliberately or recklessly commit a serious breach of the Act, for example, the failing to tell the ICO that a business is processing personal or sensitive data or failing to keep personal or sensitive data stored on a memory stick or laptop that is lost or stolen.


In addition the ICO can and has demanded a business to cease using specific databases in the provision of their services, thereby crippling their business as well as issuing fines.

In instances where organisations blatantly disregard their obligations under the Data Protection Act, the Information Commissioner Office’s are ready to take organisations to court for failing to notify, which many view as only a small part of complying with the Act.


It is vital that business are aware of its obligations under the Data Protection Act and ensure that they fully comply with them, otherwise the consequences could be severe.

In the majority of cases, the Information Commissioner issues fines and enforcement notices requiring the relevant organisation to take corrective measures to become compliant.

However, in some cases the consequence of the Information Commissioner taking action was the closure of a business.


In the current economic client, business may take some short cuts in relation to its data protection obligations to save money. However, given that the ICO will not look kindly on such an attitude, this could be a false economy.

Published 06/05/2009. The author of this article is Marlene Howels