The Information Commissioner has levied substantial fines on two organisations after serious breaches of The Data Protection Act.

Hertfordshire County Council has been fined £100,000 after two cases of sensitive information being faxed to wrong numbers. The cases related to child sex abuse and child case proceedings. The fine was based on the lack of procedures to prevent the error in the first instance and the lack of steps taken to reduce the likelihood of the reoccurrence which in fact did happen.

The second instance was with a company A4e who were fined £60,000 where an employee was given a computer to use at home which was subsequently stolen. The computer contained details of 24,000 people who had used the community legal advice centres. It was ruled that the company did not take reasonable steps to ensure and avoid the loss of data when it gave the employee an unencrypted computer knowing the amount and type of data it contained.

This emphasises the type of action that can be taken where personal information can be accessed by others which can do substantial harm to both individuals and the reputation of businesses.