Noble Design and Build of Telford in Shropshire, which operates CCTV systems in buildings across Sheffield, broke data protection laws by failing to comply with an Information Notice. The company also failed to register with the Information Commissioner’s Office (ICO), despite it being a criminal offence not to do so.
On Monday 2 July, the company was convicted at Telford Magistrates’ Court in its absence. The business was fined £2,000 under Section 47 of the Data Protection Act 1998 for failing to comply with an Information Notice.
The company was also fined £2,500 for processing personal data electronically without having notified when required to do so, as stipulated under Section 17 of the Data Protection Act 1998.
Noble Design and Build was ordered to pay costs of £364.08 and a victim surcharge of £170.00.
On 4 September last year, the ICO sent a letter to Noble Design and Build raising concerns that the company didn’t have the appropriate signage in place to alert people to CCTV monitoring that was taking place. It also notified the firm of its legal duty to register with the ICO.
The ICO sent out another letter on 11 October and a final e-mail on 25 January this year.
The ICO then sent an Information Notice under Section 43 of the Data Protection Act 1998 duly compelling the company to comply.
Steve Eckersley, head of enforcement at the ICO, said: “Not registering with the ICO is a criminal act, as is not complying with an Information Notice. Let this case act as a stark warning to other companies who flout the law that we will take robust action.”
Noble Design and Build was prosecuted under the terms of the Data Protection Act 1998 because of when the offence took place. The new Data Protection Act 2018 came into force on 25 May. Organisations processing personal data have a duty to pay a data protection fee unless they are exempt.