Monetary Penalty Notices

The ICO, the UK’s data protection authority, published its 2014-2015 annual report. Most noticeably, the ICO announced that they had enforced no successful appeals against Monetary Penalty Notices. The ICO can impose civil monetary penalties of up to £500,000 for serious breaches of the Data Protection Act 1998, but this can be reduced by 20% if paid within 30 days, and will not be enforced until the period for appeal has ended. In contrast, nearly £600,000 worth of monetary penalties were successfully challenged on appeal last year.

This 100% success rate meant that, despite a significant drop in the size of financial penalties issued (from almost £2 million in 2013/2014 to just £1.1 million), the amount received actually only fell by £115,000. The reduction in the amount of fines issued corresponds with the fact that the number of concerns received by the ICO this year also fell, suggesting that organisations are following ICO guidance and improving their data protection compliance.Continue Reading UK ICO Annual Report highlights 100% success rate for monetary penalties imposed

This post was written by Cynthia O’Donoghue.

A judgement of the Upper Tribunal of the UK Information Rights Tribunal (the Tribunal), in the case of Central London Community Healthcare Trust v Information Commissioner [2013] UKUT 0551 (AAC), has ruled that organisations which voluntarily report incidents of data security breaches to the ICO do