Hospitality venues like any and all others businesses must ensure that they comply with data protection principles – or now risk a fine of up to £500,000 for serious contraventions of the Data Protection Act.
The first monetary penalties for serious breaches of the Data Protection Act were issued on 24 November 2010 by the Information Commissioner. Penalties of £100,000 and £60,000 were issued to Hertfordshire County Council and the employment services company A4e respectively.
Hertfordshire County Council was fined for two serious incidents where council employees faxed highly sensitive personal information to the wrong recipients, and A4e for the loss of an unencrypted laptop which contained personal information relating to 24,000 people.
Talking about the fines, John Macaulay, Head of Greenwoods’ Data Protection team, said “Since 6 April 2010, the Information Commissioner has had the power to issue a monetary penalty of up to £500,000 for serious contraventions of the Data Protection Act. The announcement of 24 November marks the first time that a penalty has been imposed under the new powers.”
Information Commissioner, Christopher Graham said: “These first monetary penalties send a strong message to all organisations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half a million pounds.”
Confirming the position John Macaulay said: “The Commissioner will impose a fine if a data controller has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or distress. In addition, a fine will only be imposed if the contravention was deliberate, or if the data controller knew or ought to have known that there was a risk that a contravention would occur and failed to take reasonable steps to prevent it.”
In terms of what businesses need to do to avoid falling foul of the rules, John suggests: “Businesses should consider reviewing their policies on, and general approach to, data protection issues. Particular emphasis should be paid to data security. Employers may also wish to consider a data protection audit which will assist in identifying potential weaknesses in their systems so that these can be remedied before a breach occurs.”
If you would like to speak to someone regarding data protection compliance or would like further information regarding data protection audits, John Macaulay from Greenwoods Solicitors LLP can be contacted on 01733 887708
The information contained in this article is intended to be a synopsis only. Before acting on it, you should take professional advice.
Written by John Macaulay, Director and Head of Employment & Employee Benefits Department
Greenwoods Solicitors LLP,
Monkstone House,
City Road,
Peterborough PE1 1JE.
Tel: 01733 887700
For more information on catering equipment click here