The recent fine levied on TalkTalk by the Information Commissioner shows the great importance of having an effective data protection regime in operation in any business.
TalkTalk was fined £400,000 – the largest ever fine of its type – after a ruling that it had seriously failed to abide by its obligations under the Data Protection Act 1998.
TalkTalk's fine arose when it failed to fix a known security loophole in a database it had obtained when it took over Tiscali in 2009. The database was accessible via its website, which was subsequently hacked, causing personal information on more than 150,000 customers to be exposed.
The fine was levied despite the presence of a number of mitigating factors.
The Government has announced that it intends to introduce the power to levy personal fines on directors whose companies commit data protection breaches.