The ICO Finally Takes Action

It has taken nearly 700 public incidents of data breaches, but the Information Commissioner’s Office (ICO) is ready to take action. Under new proposals put to the government, the ICO has suggested that significant fines be imposed on companies that recklessly or maliciously breach the Data Protection Act (DPA). The most recent cases of exposure include T-Mobile employees selling customer details to third parties and St. Albans council having four laptops containing confidential voter information stolen.

How this threat is viewed by small businesses across the UK remains to be seen. Similarly to many views on backup, it may well be a case of ‘I’ll worry about it when it happens to me’. However, the scale of the fines being talked about should be enough to make even the most evasive of Managing Directors think twice.

The Ministry of Justice has launched a public consultation on the maximum amount such fines can run to, provisionally £500,000, depending on the scale of exposure and the preventative measures already in place. This is a call for all companies to make at least some effort to comply. However, simply implementing cheap solutions that you think may make you compliant may not save you either. As well as being imposed for the exposure of private data, the ICO fines will also apply to companies that have:

  • Stored or processed personal data in a country outside of Europe that does not have adequate data protection legislation
  • Kept data for longer than is necessary for the organisation
  • Obtained personal data unlawfully
  • Accidentally deleted that data

At present, all the ICO can do is post an enforcement notice to those companies who fall foul and threaten them with legal action. Perhaps this goes some way to explaining why data breaches have become so common over the last few years. It’s the equivalent of a slap on the wrist, a cheeky wag of the finger and a ‘don’t let it happen again’. And then they wonder why it does.

The new proposals should ensure it doesn’t. 
