The ICO has stepped up its enforcement of data breaches by businesses and organizations as well as individual staff members, and have begun issuing monetary penalty notices. So far the fines have totaled over £1m ($1.6 million dollars) across 13 cases and they appear to be on the rise. The fines either relate to unencrypted laptops or paper records being lost or stolen, or unlawful disclosures of personal information to the wrong recipients. In the vast majority of cases, the incidents are due to human error and are avoidable. One of the most noticeable changes over the last year has been the increase in individual criminal prosecutions for unlawfully obtaining personal data. Undertakings from data controllers and ICO audits are other enforcement actions that have increased. Organizations receiving personal data from unauthorized sources need to exercise extreme caution: if there is no audit trail to justify lawful obtaining of the personal data, the business will be placed at risk if it receives it and uses it.
