In the summer, we wrote an article for our website about the duty imposed on charities where they deal with ‘personal data’, advising that the Information Commissioner ("ICO") had issued a reminder for charities to carry out their own ‘health check’ of their data protection policies and practices. You can read our article here.
In October, we then heard that the ICO had imposed a fine of £70,000 on a charity because one of its employees left a file containing sensitive personal information about four children outside a house, and the file then went missing. This is the first time the ICO has imposed a fine on a charity. It serves as a timely reminder that the consequences can be severe if a charity fails to implement procedures to protect personal data, and it also indicates that the ICO is not averse to imposing financial penalties on charities.
All organisations which handle personal data need to comply with the eight data protection principles, and this includes making sure employees and volunteers are trained in how to deal with personal data and how to keep it secure.