Public sector fined £2m for data breaches

05 November 2012

NHS bodies, police and local councils have accumulated fines of more than £2m over the last 18 months for serious breaches of the Data Protection Act, it has emerged.

The figure, set to increase after Stoke-on-Trent council's recent £120,000 fine, was confirmed by the Information Commissioner's Office (ICO) to V3.

Public sector bodies have be hit with the bulk of data breach fines, with many being imposed on the health service and local authorities – public bodies which hold particularly sensitive information.

The ICO has taken action in these areas after repeated failings from public bodies to protect people's personal data.

In the NHS, warnings have emerged that fines could impact on patient care.

But the ICO told Publicservice.co.uk its monetary penalty powers, which can extend up to £500,000, acted as "a very important way to discourage others from making the same data protection mistakes".

John O'Connell from The TaxPayers' Alliance told V3 public sector bodies needed to improve data handling to avoid fines. Taxpayers did not want their "hard-earned cash spent on fines even if the money finds its way back into central funds, he said. "A significant amount will be lost along the way in bureaucratic churn".

Ross Parsell, a government and commercial account director at Thales UK said the £2m worth of fines showed basic information security lessons were not being learned in the public sector.

"Organisations need to rethink their approach to information security and take care to classify and protect data itself according to the sensitivity of that information," he said.

The finding follows recent news that NHS bodies lost data on 1.8 million patients in a single year.