14 DAY TRIAL // Last year, the UK’s Information Commissioner’s Office fined the Scottish Borders Council £250,000 ($387,000 / €289,000) for exposing the pension records of employees.
The records were improperly disposed of by a company contracted by the council. However, the ICO argued that the organization had failed to properly manage the outsourcing of personal data processing.
The Scottish Borders Council filed an appeal. Now, a judge has ruled that there was no legitimate basis for the ICO to fine the council, Out-Law informs.
“There was no liability to a monetary penalty in this case because looking at the facts and circumstances of the contravention, whilst it was serious, it was not of a kind likely to cause substantial damage or substantial distress,” Tribunal judge Justice Warren wrote in his ruling.
Legal experts have told Out-Law that the verdict would impact future data breach cases.