First Fines for UK Data Protection Breaches Levied – The Information Commissioner Flexes His New Muscles

November 25, 2010

On 24 November 2010 the Information Commissioner served two organisations with the first fines for serious breaches of the Data Protection Act 1998, since its enforcement powers came into effect in April 2010.

The first penalty of £100,000 was issued to Hertfordshire County Council for two serious incidents in which council employees faxed highly sensitive personal information, including information relating to a child sex abuse case, to the wrong recipients.

The second fine of £60,000 was issued to A4e, an employment services company, for the loss of an unencrypted laptop containing the personal information of 24,000 people who had used community legal advice centres in Hull and Leicester.

Whilst these fines are far from the maximum monetary penalty of £500,000 it signals a change in approach for the Information Commissioner’s Office, which has traditionally been reluctant to use these types of penalties. However, it still seems that fines will only be imposed in cases where there are serious violations of the Data Protection Act. We expect to see the Information Commissioner using these powers more freely and issuing more fines going forward.

Related pages:

Data protection privacy & emarketing more

Data Protection, Privacy and emarketing more

Technology, Media & Digital more

icons Addthis Print Contact Register


tel: +44 (0) 20 7628 2000
10 Finsbury Square, London, EC2A 1AF
View map


  • Top Ranked Chambers UK 2014 - Leading Firm
  • Ranked in Chambers Europe 2013 - Leading Individual
  • Ranked in Chambers Global 2014 - Leading Firm
  • Legal 500 - Leading Firm
  • The Lawyer UK 200 - Listed Firm
  • The Law Society Excellence Awards 2012 - Shortlisted
  • Investors in People - Bronze