New powers, designed to deter personal data security breaches, are expected to come into force early 6 April 2010. The Information Commissioner's Office (ICO) will be able to order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act.
A monetary penalty notice is a notice requiring a data controller to pay a monetary penalty of an amount determined by the Commissioner and specified in the notice. The amount of the monetary penalty determined by the Commissioner must not exceed £500,000. The monetary penalty is not kept by the Commissioner, but must be paid into the Consolidated Fund owned by HM Treasury.
The Commissioner may impose a monetary penalty notice if a data controller has seriously contravened the data protection principles and the contravention was of a kind likely to cause substantial damage or substantial distress. In addition the contravention must either have been deliberate or the data controller must have known or ought to have known that there was a risk that a contravention would occur and failed to take reasonable steps to prevent it.
For further information- Information Commissioner's Website www.ico.gov.uk
