Two recruitment agencies have been fined and ordered to pay costs totaling over £2,500 after a successful prosecution under the Data Protection Act 1998 by the Information Commissioner’s Office (ICO).
Both firms were given repeated reminders that they had a duty to notify the ICO that they were data controllers. To register would have cost each of them £35 per annum.
However, they repeatedly ignored reminders and were both ordered to pay fines by the Magistrates’ Court at a cost of £300 and £500.
The most significant penalty incurred by the agencies was as a result of being ordered to pay the prosecution costs, which totalled £1,753.20.
It is vital that businesses and organisations take their obligations under the Data Protection Act seriously. In practical terms, most organisations that process personal information must be registered with the ICO and to flout the requirements, as the above examples show, can prove to be very expensive.
Processing personal data without notifying the Information Commissioner is a criminal offence punishable by a fine of up to £5,000 summarily, or an unlimited fine on indictment.