Small businesses could now be fined up to £500,000 for data security breaches under new rules coming into force today.
The law change gives new powers to the Information Commissioner’s Office (ICO) to penalise firms in the event of a data security breach.
Under the new rules, the ICO will be able to fine businesses up to £500,000 if they lose individuals’ confidential data. Until now, the maximum fine the ICO could issue for serious breaches of the Data Protection Act was just £5,000.
Robert Guice, executive vice president of document destruction company Shred-it, welcomed the new rules as a step towards improving data security within the UK, but warned small businesses to be vigilant about protecting confidential information.
He said: “With fraud on the rise, information security is more important than ever for businesses looking to protect their financial standing and corporate reputation.
“Small businesses in particular make easy targets for data theft. While larger companies have resources dedicated to protecting the security of their data, small businesses don’t always have the means or knowledge needed to effectively manage the threat.”
A recent report by IT security and computer forensics specialists 7Safe found that 66% of data security breaches that occurred in the last 18 months took place in small companies employing fewer than 100 people.
Some 80% were caused by sources external to the organisation while 18% were carried out by business partners.
“Without doubt, data breaches affect businesses of all sizes, but many small business owners simply aren’t taking the necessary steps to create ongoing data security policies and practices, including training their employees,” added Guice.
“Small businesses who neglect the need for good and robust management of their confidential data will now pay a high price.”
© Crimson Business Ltd. 2010