• Services
  • Sectors
  • Our Team
  • About us
  • Insights & Legal
  • Legal Q&As
  • Useful information
  • Contact us
  • Careers
  • 2 May 2014

    What are an employers' liabilities if an employee loses company data?

    Q. Is my company in breach of the Data Protection Act (DPA) and liable to be fined if my employee loses their own personal device holding company information? 

    A. The DPA applies to the processing by data controllers of personal data relating to data subjects. A breach of the DPA may result in the data controller, often the company or employer, being liable for a substantial fine up to £500,000. 

    To avoid contraventions of the DPA companies should consider appointing a data-compliance officer and implementing relevant company policies. Employers should be particularly vigilant about the contents of any employment contracts and consider whether they make sufficient provisions for breaches of the DPA. 

    To emphasise the stringent approach under the DPA, a company may even be liable where a device is lost or stolen and contains or allows access to personal data of the company and/or that device is inadequately encrypted. This is particularly important when a firm operates a ‘Bring Your Own Device’ (BYOD) policy.

     The Information Commissioner’s Office website offers valuable guidance to data controllers. 

    Contact our team today

    Contact Permission

    We would like to stay in touch with offers, news and event invitations. We will always treat your personal details with respect and we will never sell them to other companies for marketing purposes. You can find details of our full privacy policy here.

    You can stop receiving updates at any time by clicking 'unsubscribe' at the bottom of our emails or by emailing enquiries@hegarty.co.uk

    Please let us know if you would like to hear from us:

    Stay up-to-date with Hegarty