The ICO continues to hand out large Civil Monetary Penalties (CM
The latest and largest is £325,000 to the Brighton and Sussex University Hospitals NHS Trust, only the 3rd CMP issued to an NHS body.

The ICO has issued more than 15 penalties exceeding £50,000 in the last 18 months, mostly to Local Government, but all three in the NHS are above this figure.

The ICO has taken a long time to penalise the NHS, preferring to issue Undertakings or Enforcement Notices in an effort to get good policy and practices in place. However, where the ICO feels these have not been followed quickly or to the degree expected, or where the breaches are on a large scale, it has started imposing fines commensurate with those for similar breaches in other types of organisations dealing with sensitive data.

To see the recent history of ICO action visit:

  • The ICO has a number of options available, from Undertakings through to Prosecution. Criminal fines can be up to £5,000 in a Magistrates Court and unlimited in the higher courts. CMPs are presently capped at £500,000, but under the proposed European Data Protection Act fines could be considerably higher, with numbers in the order of €1 million or 2% of turnover being discussed.

    Call or email us to discuss a wide-ranging review of your Information Management strategy.

    Telephone 01628 632629