British Pregnancy Advice Service fined
The British Pregnancy Advice Service (BPAS) was fined £200,000 after its lax cyber security and weak website code allowed a malicious hacker to access the personal information of thousands of people who had called the service for advice on pregnancy, birth control and other sexual issues. An investigation by the ICO discovered the charity did not even realise that its website stored the names, addresses, dates of birth and telephone numbers of callers. In addition to failing to secure personal information, the BPAS also breached the Data Protection Act by retaining call information five years longer than necessary. Although the BPAS was woefully ignorant of its violations, ignorance is not a valid excuse for avoiding fines.
Department of Justice Northern Ireland fined
In an embarrassing oversight, the Department of Justice Northern Ireland (DoJ NI) was fined £185,000 for inadvertently releasing sensitive personal information relating to victims of a terrorist incident. The DoJ NI sold a filing cabinet to a member of the public in May 2012 without first inspecting its interior, which contained papers dating from the 1970s to 2005. The buyer, on finding the documents, realised they were important and quickly contacted the Police Service Northern Ireland to return them.
Avoid fines by registering your company with the ICO
A green energy company based in Cardiff was prosecuted by the ICO after failing to disclose that it handled customers’ personal data. The company’s director was fined £270 and ordered to pay a £27 victim surcharge and £300 in prosecution costs. The company was fined the same amounts. Under the Data Protection Act, companies must register with the ICO if they handle customers’ personal data. That way the ICO can ensure companies deal with sensitive data securely and compliantly. Generally, registration involves paying an annual notification fee of £35 and providing information on the types of personal data the company processes. Weigh your options—would you rather pay £35 now or £600 later?