The Act requires businesses that process personal information to comply with its eight principles of data protection – which include making sure that staff and customer records are stored securely, used for the right reasons and are always correct and up to date.
Most businesses processing personal data are also required by law to notify, or register with, the Information Commissioner. The fee is only £35 per year – although some small businesses that process personal data for very limited purposes are not required to notify.
According to the ICO, Abacus Recruitment, which has eight branches in South Wales, had been contacted by the ICO on seven separate occasions between October 2003 and March 2005, yet still failed to notify.
Following a guilty plea at Abergavenny Magistrates Court the firm was ordered to pay a £2,000 fine and costs of £400.
“I am pleased that the magistrates’ court has recognised the seriousness of a failure to notify,” said Information Commissioner Richard Thomas. “Complying with the Data Protection Act ensures that individuals’ personal information is secure, accurate, up-to-date and processed fairly. This prosecution should remind recruitment agencies and other organisations of their responsibilities under the Act.”