
What are an employer’s liabilities if an employee loses company data?

Q. Is my company in breach of the Data Protection Act (DPA) and liable to be fined if my employee loses their own personal device holding company information?

A. The DPA applies to the processing (www.practicallaw.com/0-200-3426) by data controllers (www.practicallaw.com/5-107-5723) of personal data (www.practicallaw.com/8-200-3413) relating to data subjects (www.practicallaw.com/0-107-5725).

A breach of the DPA may result in the data controller, often the company or employer, being liable for a substantial fine of up to £500,000. To avoid contraventions of the DPA, companies should consider appointing a data-compliance officer and implementing relevant company policies. Employers should be particularly vigilant about the contents of any employment contracts and consider whether they make sufficient provision for breaches of the DPA.

To emphasise the stringent approach under the DPA, a company may even be liable where a device that contains or allows access to the company’s personal data is lost or stolen and/or that device is inadequately encrypted. This is particularly important where a firm operates a ‘Bring Your Own Device’ (BYOD) policy.

The Information Commissioner’s Office website offers valuable guidance to data controllers.

Andrew Hornsby, Partner

 
