The
Act requires businesses that process personal information to comply
with its eight principles of data protection – which include making
sure that staff and customer records are stored securely, used for
the right reasons and are always correct and up to date.
Most businesses processing personal data are also required by
law to notify, or register with, the Information Commissioner. The
fee is only £35 per year – although some small businesses that
process personal data for very limited purposes are not required to
notify.
According to the ICO, Abacus Recruitment, which has eight
branches in South Wales, had been contacted by the ICO on seven
separate occasions between October 2003 and March 2005, yet still
failed to notify.
Following a guilty plea at Abergavenny Magistrates Court the
firm was ordered to pay a £2,000 fine and costs of £400.
“I am pleased that the magistrates’ court has recognised the
seriousness of a failure to notify,” said Information Commissioner
Richard Thomas. “Complying with the Data Protection Act ensures
that individuals’ personal information is secure, accurate,
up-to-date and processed fairly. This prosecution should remind
recruitment agencies and other organisations of their
responsibilities under the Act.”
