Company prosecuted and fined for not registering with ICO

The Information Commissioner’s Office (ICO) bared its teeth at a company which operates CCTV systems in buildings across Sheffield.

On Monday 2 July 2018 Noble Design and Build of Telford was convicted at Telford Magistrates’ Court of breaking data protection laws and failing to comply with an Information Notice from the ICO. They had also committed a criminal offence by failing to register with the ICO.

They were fined £2000 for failing to comply with an Information Notice, plus a further £2500 for processing personal data electronically without having notified the ICO when required, (s17 of  Data Protection Act 1998), and ordered to pay prosecution costs and a victims’ surcharge; a total of over £5,000.

The prosecution was brought under the 1998 Act as, at the time of the commission of the offences, the Data Protection Act 2018 had not come into force.

The ICO is not there to try to catch out businesses. Their primary roles are to uphold information rights in the public interest and to promote openness by public bodies and data privacy for individuals. They will engage with businesses to try to help them meet their obligations, however where there are repeated and flagrant failings, they can take enforcement action.

In September 2017, the ICO sent a letter to the Company to note that it had not put suitable signage in place to alert people to the presence of CCTV. It also reminded the company that it had not yet registered with the ICO and that it had a legal duty to do so.

Noble Design and Build failed to act in response to that letter and to a further letter a month later in October and an email on 25 January 2018.

The ICO then sent an Information Notice, under section 43 of the Data Protection Act 1998 to compel the Company to act. Noble Design and Build failed to act on the Information Notice. Failing to comply is a criminal offence, as was their failure to register.