This article is also available in:
Deutsch: ICO verhängt erste Strafen für Datenschutz-Verstöße

After having received increased powers in April 2010, the UK Data protection authority (Information Commissioner Office - ICO) has recently used these powers to fine an organisation and a local authority for having breached the Data Protection Act.

Hertfordshire County Council has been fined with about 120 000 Euro for the fact that its employees sent highly sensitive information by fax to the wrong recipients twice, once in June to a member of the public instead of a barrister and the second time, 13 days later, to the office of an unconnected barrister instead of the Watford County Court.

"The Commissioner ruled that a monetary penalty of 100,000 pounds was appropriate, given that the Council's procedures failed to stop two serious breaches taking place where access to the data could have caused substantial damage and distress," was the ICO's statement. The Commissioner considered that the council did not take the necessary measures to reduce the risk of another incident, after the first one.

Employment services company A4e was also fined with about 72 000 Euro for having given a laptop with the unencrypted personal information of 24 000 people to an employee to take home. The laptop was stolen from the employee's home and there was an unsuccessful attempt to access the information. The information included individuals' names, dates of birth, postcodes, employment status, income level, information about alleged criminal activity and whether an individual had been a victim of violence.

ICO is also concerned about Google's collection of personal data with its Street View vehicles. Initially, ICO considered it was unlikely that Google had gathered too much information through its service but after it was revealed that the company had gathered entire emails, user names and passwords by mistake, ICO decided to make an audit of "Google's internal privacy structure, privacy training programs and its system of privacy reviews for new products."

"It is a significant achievement to have an undertaking from a major multinational corporation like Google Inc. that extends to its global policies and not just its UK activities. We will be keeping a close watch on the progress Google makes and will follow up with an extensive audit," stated The Information Commissioner Christopher Graham.

Others are sceptic regarding ICO's influence on Google. "The Information Commissioner is ineffective and is widely held in contempt," said Ross Anderson, a professor of computer science at Cambridge University who believes that the Information Commissioner is not feared by the companies he is supposed to regulate." Mr. Anderson places more hope in the German authorities which, in his opinion, " will have much more influence, and indeed Google now does its privacy research in Munich. (...) They know that if they can sell their privacy policies there, they will work everywhere else."

ICO issues first ever data protection fines (24.11.2010)
http://www.out-law.com//default.aspx?page=11569

Google allows ICO to check privacy practices (22.11.2010)
http://www.out-law.com//default.aspx?page=11563

Google's agreement to delete British WiFi data does not impress experts (22.11.2010)
http://www.dw-world.de/dw/article/0,,6256109,00.html

EDRi-gram: Google admits it was gathering passwords and emails via StreetView (3.11.2010)
http://www.edri.org/edrigram/number8.21/street-view-collects-emails