Sark Shipping has been found guilty of "failing to maintain appropriate standards and controls" while processing customers' data.
The Isle of Sark Shipping Company Ltd was found to have breached three sections of the Bailiwick of Guernsey's Data Protection Law following an inquiry by the Office of the Data Protection Authority (ODPA).
The ODPA's decision notice said the shipping company's data protection controller had failed to demonstrate "sufficient awareness, understanding and compliance" with the law when processing personal data.
"The inquiry undertaken by the Authority commenced as a result of matters being drawn to its attention and certain responses provided by the controller following questions raised by the Authority.
"The Authority had concerns that the controller may have been unable to demonstrate sufficient awareness, understanding and compliance with their data protection obligations under the law and as a result failed to maintain appropriate standards and controls in their processing of personal data."
Pictured: Emma Martins heads up Guernsey Data Protection Office.
"The area of concern to the Authority related to the processing of personal data concerning the financial status of a data subject. At the conclusion of the inquiry the Authority found that the controller did not process the subject’s personal data in a manner which ensured that the data was processed fairly, lawfully, accurately or securely, in breach of three of the data protection principles under the law."
The ODPA said there were several mitigating factors, namely that Sark Shipping had not been investigated previously, the controller made early admissions and engaged with the inquiry, and the controller took action before the judgment to change how they processed personal data.
However, the Authority also took into account that the controller "showed insufficient appreciation of the significance of some of the problems" arising from how customer data was handled.
"The Authority considered it was appropriate to impose sanctions for the breaches of the operative provisions of the law by the controller," the ODPA concluded. "Considering all of the relevant factors arising from the inquiry the Authority considered that the breaches of the operative provisions of the law were toward the lower end of the scale of seriousness.
"Accordingly, the Authority imposed a formal reprimand in relation to the breaches which had been discovered and it also issued a formal warning to seek to prevent future breaches of a similar nature."
Pictured top: The Sark Venture (Credit: Chris George).
Once your comment has been submitted, it won’t appear immediately. There is no need to submit it more than once. Comments are published at the discretion of Bailiwick Publishing, and will include your username.
There are no comments for this article.