Liverpool City council fined for DPA breach

DPA lapses cost council dear

The importance of being able to respond to requests made under the Data Protection Act (DPA) was highlighted in December after Liverpool City Council became the first organisation to be prosecuted for failing to comply with an information notice from the Information Commissioner's Office (ICO).

The council, which pleaded guilty to the charge, has been fined £300 and agreed to have the ICO audit its data protection procedures.

The prosecution was launched after a former council employee requested access to personal information held by the council. While some information was provided, the woman involved felt some sensitive health information was missing and made a complaint to the ICO. The Council then failed to respond to requests for information from the ICO, which is an offence under the DPA.

The judge in charge of the case ruled that the council had displayed an " appalling breakdown of communication" and a "clear lack of compliance".

Mick Gorrill, head of the regulatory action division at the ICO, said in a statement that the successful prosecution was a "useful reminder" to other organisations that they cannot ignore information notices from the ICO and that their data management processes and systems need to be capable of discovering requested data quickly.

“The Data Protection Act gives us all important rights, including the opportunity to find out what information is held on us by an organisation," he added. "This right is the very cornerstone of the Act and that is why the legislation is so important."