ICO Fines Government Department for Data Security Breach
The Information Commissioner's Office (ICO) recently announced its decision to fine the Ministry of Defence (MoD) for an "egregious breach" of the personal data of 265 potential Afghan evacuees.
A key learning point from this decision is that all organisations, but particularly public sector bodies, must demonstrate their compliance with the data security principle via clearly documented, robust policies and procedures, which should take into account legal obligation, as well as any specific guidance issued by the ICO. Moreover, organisations must continue to train and advise staff in relation to the risks associated with data security breaches.