Compliance Week Speaks to James Castro-Edwards Regarding ICO Fine Being Seen as a “Deterrent” to Other Organizations

Privacy, Cybersecurity & Data Strategy counsel James Castro-Edwards was recently quoted in the Compliance Week article, “ICO Proposes $7.8M Fine Against NHS Contractor in Warning to IT Providers,” regarding the UK Information Commissioner’s Office (ICO) proposed fine against Advanced Computer Software Group, an IT contractor for the National Health Service (NHS). The enforcement action would be ICO’s first financial penalty against a data processor under the UK General Data Protection Regulation (GDPR) if finalized.

Castro-Edwards told Compliance Week that Advance’s “apparent failure to maintain appropriate information security measures constitutes a serious breach of the UK GDPR.” He noted that the “provisional magnitude of the fine reflects the harm caused to the affected data subjects and is intended as a deterrent to other organizations that handle sensitive data.”

“IT providers that manage their clients’ information must be aware that if they fail to maintain appropriate security measures, they risk enforcement action from the data protection authority, as well as potential damages for breach of contract with their customers,” Castro-Edwards continued. “This risk is exacerbated where the information concerned includes special categories of personal data such as data concerning health.”

Read the full article (subscription required).