Companies that allow clients' data to become lost or compromised could be fined up to £500,000 by the Information Commissioner’s Office (ICO).
This new law will officially become enforceable in April 2010, unless Parliament objects to it before then.
Any serious breach of the Data Protection Act could incur a fine, the size of which will be determined by a number of factors.
These will include whether any negligence was involved in the offending company’s actions (or lack of them), the seriousness of the data compromised, and the scale of damage or distress caused by the leak.
Information Commissioner, Christopher Graham, said: “Getting data protection right has never been more important than it is today. As citizens, we are increasingly asked to complete transactions online, with the state, banks and other organisations using huge databases to store our personal details.”
“When things go wrong, a security breach can cause real harm and great distress to thousands of people. These penalties are designed to act as a deterrent and to promote compliance with the Data Protection Act.”