Accountants Hawsons have warned companies that they could be hit by crippling fines and have their reputations ruined for losing confidential data, even when it isn’t their fault and no harm results.
Charles Kavazy, director of IT services at the Sheffield firm, said that during the first 11 months of the year, 20 UK organisations were fined £2.4 million for losing data and many others are at risk.
“In almost all of the cases, nobody was harmed by the loss but the reason the fines were so high is because the Data Protection Act states that organisations need to ensure a level of security for their data appropriate to the harm that might result from data loss,” says Mr Kavazy.
“The fines are based, therefore, not on the harm or loss or damage that has occurred but the harm or loss or damage which might occur.”
Mr Kavazy adds that companies could be equally at risk even if another business loses their data, and he says it is a misconception to think that responsibility rests with an outsourcing business if it has caused the loss.
“If, for example, one of your outsourced IT, pension, health or other providers loses your data, it is you who will be fined by the Information Commissioner’s Office and not your outsourced supplier. It is your responsibility to ensure that your suppliers apply a level of security appropriate to the harm that might result from any loss,” said Mr Kavazy.