Question to the Department for Science, Innovation & Technology:

To ask His Majesty's Government what assessment they have made of the implementation of fines or enforcement of compensation schemes on companies for the loss or theft of individuals’ personal data.

The law provides individuals with the right to claim compensation from an organisation if they have suffered damage because of it breaking data protection law, such as through insufficient security of an individuals’ personal data.

The Information Commissioner’s Office (ICO) cannot award compensation itself, and does not enforce compensation schemes.

Individuals should first seek to settle the claim directly with the organisation. If this does not resolve the matter, they would need to make a court claim for compensation.

In terms of the implementation of fines, the ICO decides which matters to investigate and whether investigations result in a fine. The ICO is independent of government and accountable directly to Parliament. It would therefore not be appropriate to comment on how it implements its enforcement powers.