The Information Commissioner’s Office (ICO) has announced that its new powers to fine businesses for serious breaches of the Data Protection Act will take effect on 1 April 2010.

Unlike other EU data protection regulators and UK sectoral regulators such as the Financial Services Authority, the Information Commissioner cannot currently issue fines for breaches of the DPA but may seek to regulate future behaviour by the use of enforcement notices. The powers to issue direct fines were originally introduced in the Criminal Justice and Immigration Act 2008 but have not yet been brought into force.

Assuming the announcement from the ICO is accurate, the ability to issue fines will be a significant extension of the ICO’s enforcement powers.