The UK Information Commissioner has issued its first monetary penalties for serious breaches of the UK Data Protection Act.
According to the release, the fines were levied against Hertfordshire County Council (£100,000) for faxing sensitive information to the wrong recipients on two occasions and against A4e Limited (£60,000) for the theft of an unencrypted laptop, which was carrying sensitive data on 24,000, from an employee's home.
These two organizations both notified the Commissioner and took steps to improve their policies. So, I concur with Computer Weekly - what will these fines accomplish?
Though I agree that both of these cases were avoidable, and policies should have prevented them, are they the worst offenders? Would fining them help prevent other companies from making the same mistakes? Or will it encourage companies to hide their mistakes?
What do you think?