UK: Consultation paper on monetary penalties for data breaches
In Parliament yesterday, the Minister of State, Ministry of Justice, Mr. Michael Wills said:
I am today publishing a consultation paper entitled “Civil Monetary Penalties, Setting the Maximum Penalty”. The paper explains the Government’s proposal to set the maximum penalty for civil monetary penalties at £500,000. Civil monetary penalties, as set out under sections 55A-E of the Data Protection Act 1998 (DPA) would be imposed by the Information Commissioner for serious breaches of the data protection principles.
The Government are particularly seeking views from data controllers on the level of the proposed penalty, but responses to the consultation are welcome from anyone with an interest. The Government’s proposal to introduce civil monetary penalties reflects the importance that Government place on safeguarding personal data effectively and processing them responsibly and lawfully. The proposals will potentially affect data controllers in England, Wales, Scotland and Northern Ireland, so this consultation is UK-wide.
Before imposing any civil monetary penalties the Information Commissioner has a statutory obligation to publish detailed guidance setting out the criteria it will use when imposing a civil monetary penalty, and circumstances it will take into consideration.
The Information Commissioner’s Office has published on its website the latest draft of its guidance on civil monetary penalties and would welcome comments on it.
The introduction of civil monetary penalties should contribute to increased compliance with the data protection principles and greater confidence for data subjects that their information is being handled correctly.
Hat-tip, The Register.