Peter Quigg of PDQ Property Sales has been convicted under Section 17 of the Data Protection Act for failing to notify the ICO that his business processes personal data. The Data Protection Act 1998 requires that any organisation, or person, that processes personal information in an automated form must notify the ICO. Failure to notify is a criminal offence, a strict liability offence. With amendments to the law made by the Data Protection (Monetary Penalties) Order 2010, organisations that find themselves in breach of the Data Protection Act 1998 can now face fines up to £500,000.00. If you are unsure as to whether you should notify the ICO you can go to their website where you can complete some simple online questions which are designed to establish your "notify" requirements.
The Data Protection Act is based upon eight principles. These require that the data must be:
1. Fairly and lawfully processed
2. Processed for limited purposes only
3. Adequate, relevant and not excessive
4. Accurate
5. Not kept longer than is necessary
6. Processed in accordance with the data subjects rights
7. Secure
8. Not transferred to other countries outside of the European Economic Area without adequate protection
Head of Enforcement at Information Commissioner’s Office, Mick Gorrill commented:
“This case should serve as a warning to all organisations that are processing personal date — failure to notify is a criminal offence that could land you in Court.
This requirement is written into data protection legislation for a number of very valid reasons, not least because it gives people an added assurance that businesses and other organisations understand the need to keep their personal details secure”.
Today’s Conveyancer, bringing you the latest conveyancing news and updates.
