This week saw the Information Commissioner use his new powers under the Data Protection Act to impose the first fines for serious data protection breaches.

Google escaped a fine over its Street View service earlier this month. Hertfordshire County Council was not so fortunate. The Commissioner fined the Council £100,000 for two offences where employees faxed confidential and sensitive information to the wrong recipients. As well as the sensitivity of the information and the possibility of the breaches causing substantial distress, the amount of the penalty reflected the fact that it had failed to put effective procedures in place after the first incident. Residents won't be impressed that the Council has incurred this fine as it is already struggling to cut £150m from its budget.

Also, the Comissioner fined Ae4, an employment services company based in Sheffield, £60,000 for the loss of an unencrypted laptop which contained personal details of 24,000 people who had sought legal advice. This hasn't been the first loss of an unencrypted laptop and definitely won't be the last.

In fact, this is just the start. The Commissioner had pushed for greater powers and these are the first fines since his powers were improved earlier this year but they still fall short of the £500k maximum. All organisations need to be vigilant when dealing with personal data. As the Commissioner stated: “Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half a million pounds.”