Friday, Nov 26, 2010

Data Commissioner Bares Teeth with Six Figure fines

 

Well, it’s finally happened. The powers the UK ICO acquired back in April 2010 to levy large fines of up to £500k on organisations that are careless with your data have finally been used: Hertfordshire County Council has received a record £100k fine for faxing sensitive childcare litigation information to the wrong place. Twice. In two weeks. Employment services company A4e was also fined £60k for losing an unencrypted laptop with 24,000 people’s details on it. That is not much more than the previous £50k limit, but it shows willingness to use the powers.

I’ve heard numerous commentators and corridor gossipers talking over the last few months about the ICO being unwilling to really do anything, being toothless and unwilling to actually hit anyone with their new powers, so it’s encouraging to see that they are starting to be exercised. Let’s hope that the publicity engendered encourages rather more people to think twice before sending that fax/email/CD.

It’ll also be interesting to see the results of the ICO's response to the investigation involving ACS:Law and the alleged breach of the Data Protection Act, whereby the names and addresses of some 5,000 Sky broadband customers ACS:Law had accused of illegally sharing pornography, along with some 8,000 other alleged filesharers, came to be in the public domain after ending up on ACS:Law’s website. No news yet on any outcomes on that one, but it’s interesting to note the quote by the Commissioner made shortly after the event: "I can't put ACS:Law out of business, but a company that is hit by a fine of up to half a million pounds suffers real reputation damage."

 
