Decision Marketing reports:
The Information Commissioner’s Office has walked straight into a major row up after issuing its first ever fine for the destruction of personal data – in breach of UK GDPR – with some data protection professionals questioning not only the timing of the penalty but whether an obvious cock-up warranted such action in the first place.
The case centres (sic) around post-adoption support charity Birthlink, which supports adults with a Scottish connection who have been affected by adoption.
Birthlink, running out of space to store records, made a decision to destroy some records as long as they were not irreplaceable and as long as they were complying with the length of data retention required by law. But a huge error occurred and resulted in them destroying some irreplaceable records. When they discovered their error, they reported it to themselves to the ICO.
And it is the severity of ICO’s response that is being questioned — why, for example, a little charity got hit with any fine at all when the Ministry of Defense incurred no penalty after a major cock-up resulted in information being leaked about those seeking relocation because they helped the UK against the Taliban.
Read more at Decision Marketing.