In November the Information Commissioner's Office (ICO) issued draft guidance on monetary penalties for serious breaches of the Data Protection Act. The guidance was approved on 12 January 2010 by the Secretary of State for Justice, Jack Straw MP, and is expected to come into force on 6 April 2010

It means that the ICO will have the power to impose penalties of up to £500,000 on organisations for losses of personal data. Penalties will only be issued after an investigation into the breach and the level of the penalty will depend on the gravity of the breach and whether the breach was accidental or deliberate, as well as other factors, including the size of the organisation and its financial resources.

The commissioner has said that he "will not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law". The monetary penalties are therefore designed to act as a clear warning for organisations to comply with the data protection principles, or face action from the ICO.

Click here for the case.