The Data Protection Act 1998 requires organisations or individuals who process personal information in an automated form to notify the ICO, unless they are exempt. Failure to do so is a criminal offence and could lead to a fine of up to £5,000 in a Magistrates Court. If the case goes to the Crown Court then
the fine could be unlimited.
John Merfyn Pugh, of Merfyn Pugh Estate Agents, pleaded guilty at Caernarfon Magistrates Court and was given a conditional discharge of six months. He was also ordered to pay £614 towards prosecution
costs.
A spokesperson for the ICO said: “Registering as a data controller is a basic
legal requirement of the Data Protection Act. The fee for most businesses is
£35 a year. Merfyn Pugh Estate Agents’ failure to register – even after being
prompted to do so by the ICO – has cost them much more today.
“The message behind today’s prosecution is clear – ignore warnings and you too could end up in court.”
The case shows the increasing willingness of the ICO to take action against data
protection breaches.
Powys County Council was recently fined £130,000 for disclosing child protection
details.
In another case, a receptionist was prosecuted for unlawfully accessing her sister-in-law’s medical records.
Please contact us if you would like more information about the issues raised in this article.
