16 May 2014
A dedicated Data Protection Defence team has been launched by Scottish law firm bto solicitors, to provide specialist advice in relation to the growing number of large Data Protection fines (Monetary Penalty Notices). The maximum penalty is currently £500,000, however, the EU is considering an even higher amount. This is believed to be the first team of solicitors in the UK focusing specifically on Data Protection MPN defence.
bto’s new Data Protection Defence team comprises Partner and Solicitor Advocate Paul Motion, a leading Data Protection and IT/IP law practitioner; Associate and criminal Solicitor Advocate Laura Irvine, who is an ex-Procurator Fiscal, and Associate Lindsay Urquhart. It is currently the only team of lawyers in the UK which has experience of successfully challenging a fine for a breach of the Data Protection Act (a penalty of £250,000 imposed by the Information Commissioner’s Office on a Council). The team is therefore well placed to advise on how best to handle a data breach, how to deal with the ICO during an investigation and how to appeal against an ICO fine.
The team can call upon many years of experience in providing advice relative to the Data Protection Act and Freedom of Information requests, in particular of handling the tricky situations where the legislation overlaps.
Paul Motion said: “This new service from bto provides our clients with a direct response to the huge fines which can now be handed out by the ICO, not only under the Data Protection Act, but under Regulations governing spam texts, spam emails and unsolicited marketing phone calls. The ICO has used its powers to impose significant fines mainly on public bodies, especially local authorities and health boards, but it has also fined charities, individuals and private companies.
“We can offer tailored advice at very competitive rates as well as fixed price work. We are finding that in most cases the alleged breaches have occurred accidentally, but the ICO seemingly pays no attention to this in deciding whether to fine or how much the penalty should be. ICO investigations are not a comfortable experience. Too late we find that businesses have disclosed material adverse to their interests which they didn’t have to disclose, or made admissions they might not have made with the benefit of prior legal advice. Considering the significant fines that the ICO can impose, it is vitally important that organisations limit their exposure as early as possible following a breach and control the material they are handing over”.
Laura Irvine is a criminal defence lawyer and regularly deals with health and safety prosecutions. She said, “The sentencing guidelines where there has been a fatality following a health and safety breach state that the starting point for a fine is £100,000. I am not seeking to minimise the potential for damage and distress following the loss of data, but the fines issued by the ICO, very often on public sector bodies, often seem way out of proportion by comparison.”
Paul concluded: “Data protection should already be high on the management radar of all organisations. With certain Members of Parliament now agitating for serious data protection breaches to attract prison sentences and with the Regulator himself recently going as far as to describe local authority chiefs as “hopeless” relative to their handling of personal data, we believe that the need for a Data Protection Defence Team has never been greater”.
For further information please contact Paul Motion, Laura Irvine or Lindsay Urquhart on T: 0131 222 2939 or email us at firstname.lastname@example.org