The Information Commissioners has been given new powers to impose financial penalties of up to £500,000 for serious breaches of the Data Protection Act 1998. The Information Commissioner’s Office has published statutory guidance on the circumstances in which the Commissioner will issue fines and the level of these. The new powers are expected to come into force on 6 April 2010. The Commissioner will have power to impose financial penalties where there are serious breaches of the Data Protection Act such as in the previous cases of loss of confidential records.

Data controllers should urgently review their practices and systems to reduce the risk of fines.