The UK’s Information Commission Office has issued its first fines for breaches of the country’s Data Protection Act.
A regional council and an employment services firm have been fined £100,000 (€118,096) and £60,000 respectively for what the Commission called “serious” breaches of the Act during 2010.
Neither organization took appropriate steps to prevent the breaches, the Commission stated.
“These first monetary penalties send a strong message to all organizations handling personal information,” Commissioner Christopher Graham said, adding that firms risk fines of up to £500,000 for breaching the Act.
The fines are the first issued by the Commission since it gained the power to punish breaches with financial penalties in April, the BBC reported.
Stewart Room, a partner at law firm Field Fisher Waterhouse, told Computer Weekly the fines show the Commission has come of age, and is no longer the poor man of Europe in terms of its clout.
UK law firm ACS Law could also be fined, after it leaked details of 13,000 Web users in September, The Guardian notes. The Commissioner must decide if the firm’s security was lax or if the leak was the result of a hacking attack, the newspaper said.