back to article Regulator gets power to fine for data breaches

The Information Commissioner's Office now has the power to fine organisations which deliberately or recklessly commit serious breaches of the Data Protection Act. The Criminal Justice and Immigration Act got Royal Assent today. Sadly the law is not retroactive, so the long list of government departments which have lost or …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

I'll bet you .....

That they do not fine anyone at all even though they have the power. Go on ICO ,prove me wrong. I know one Police force who blatantly /breached breach the DPA and the ICO did absolutely nothing about them .

0
0
Silver badge
Stop

Every one except....

Her Majesty's Government, and they're the ones that need it most

I suppose fining HMG, who would take money from the Treasury to give it to the Treasury, would be a tad pointless, but Hell, this is Gordon Brown's government, the past masters at doing either pointless things, or things they've been specifically advised not to do...

0
0

i wonder if this includes the gov?

i mean they seem to be very calous with our data dont they! maybe some fines from an MPs pocket might get them to think a little more!

0
0
Anonymous Coward

Fining government departments...

...is pretty much an exercise in futility.

0
0
g e
Silver badge

Does tax pay for the ICO?

If so then it doesn't burn my tax when they fine the Gov a LOT of money for being utter arse with data.

My kids are better with their personal digital information than uk.gov - seriously.

0
1

Fining Government Departments

"Sadly the law is not retroactive, so the long list of government departments which have lost or endangered our data in recent months will not be fined."

But surely the taxpayer picks up the bill for government incompetence so not only do they lose our data but we get the privilege of paying for them to do so.

0
0

Eh??

"Sadly the law is not retroactive, so the long list of government departments which have lost or endangered our data in recent months will not be fined."

What on earth would the point be of one government department fining another government department? Sure, I can see the point of the government fining corporations, provides an incentive for them to do things right.

0
0
Happy

roll on the up and comeing Phorm trials

"The Criminal Justice and Immigration Act got Royal Assent today. Sadly the law is not retroactive, so the long list of government departments which have lost or endangered our data in recent months will not be fined."

shame, but not to worry, roll on the up and comeing Phorm trials to name but one potential first ever fine,.

still, RIPA would be the better Option as it can put your executives in the clink....

0
0
Unhappy

Money for old rope

They shouldn't be fining the government departments .

They should be fining individuals who have had a hand in disclosing data,or, not providing adequate training and procedures to people who are handling the data.

0
0
Unhappy

RE: roll on the up and comeing Phorm trials

"still, RIPA would be the better Option as it can put your executives in the clink...."

Surely you meant to say;

Still, RICO would be the better option for the stinking vermin who created and those who are using Phorm as this is exactly the sort of Racketeering and Organised Crime that our governments are supposed to protect their electorate from.

Unfortunately RIPA, the deRegulation of Investigatory Powers Act basically says, "any spotty oik working for anyone who has ever had a contract to do anything for any part of government or local council can look at any data about you for any undisclosed reason and do anything they want with it or give it to anyone else for any reason and there is fork all you can do about it because the UK government thinks it is untouchable and makes Al Capone look like a true champion of rights and liberty" So please do not expect that RIPA in any way protects you, it does not, it was never intended to, the entire purpose of RIPA was to enable the government to implement their operations handbook, 1984 by George Orwell without any risk of later being arrested for their criminal acts.

0
0

BT

>David Smith, deputy information commissioner, said: "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information. The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously."<

So everyone should copy 'n paste this into a letter and post it to the head office of BT with a note to the effect of 'Virgin Media and Carphone Warehouse are treading water cautiously where Phorm are concerned, do you wanna trust your luck to a Russian/Chinese backed ex-spyware firm?'

Slightly OTT, but needs must.

I know it's more about data getting lost in second class post/back of car etc, but if a school can use anti-terrorist laws to check a kid lives in the catchment area, we should be able to use those laws in any way we see fit.

0
0
Thumb Up

Its basic common sense

When I went to college to do a Computer Studies HND 24 years ago one of the modules was all about data security, protection and the Data Protection Act. They taught us the basics about not sending passwords with password protected data, but that much should be completely OBVIOUS to anyone with an ounce of common sense!

There has been much in the press over the past year about FAST and software piracy: if companies are now caught with unlicensed software then the DIRECTORS personally (not the company) are now held responsible, and face a fine or a prison sentence.

Why cant we do the same with data protection?

If a government department, or some other company or individual loses some important data in an easily-preventable fashion then FINE THEM PERSONALLY, or prison - that would soon put an end to this completely ridiculous situation!

0
0
Thumb Down

@Tony Paulazzo

"I know it's more about data getting lost in second class post/back of car etc, but if a school can use anti-terrorist laws to check a kid lives in the catchment area, we should be able to use those laws in any way we see fit."

Unfortunately its not us but the ICO who have the power to use the new law. So don't expect it to apply when our interests are at stake - only when the government's interests are threatened.

This is the new reality: pass catch-all laws and set up a government body to administer them. Effectively this lets the government do whatever it likes whenever it likes.

0
0
Anonymous Coward

The only punishment...

...should be prison.

What's the point of fining a Government department? If you're found to be guilty, then the person at the top gets some jailtime, simple as that.

You introduce that law, and I promise you people will get their house in order.

0
0
Bronze badge

"Sadly the law is not retroactive?"

Were there any significant evidence to suggest that that retributive punishment is efficacious I would make a call that the author of this phrase be forced to wash his mouth out with soap.

The principles of non bis in idem and habeus corpus are well founded. The principle of non-retroactivity is equally well founded. The author does a disservice to his readership to suggest otherwise.

0
0
Black Helicopters

sounds good

fine a government department, that sounds good to me, after all we all know that the top priority of government departments is to spend as little as possible and not waste any excess cash on anything, so they would dread the thought of a fine - let's fact it if they got fined then they would have to soak it up in that years budget then expand the next years budget to compensate, and crapita wouldn't like such an irregular funding supply

what's that sound overhead? better delete my extreme porn before they land...

0
0
Thumb Down

What about accidental breaches?

"...power to fine organisations which deliberately or recklessly commit serious breaches of the Data Protection Act..."

So accidental breaches will be exempt then? Aaaaaarrrrrggg!

0
0
Thumb Up

Fining government departments ...

,,, may be a pointless activity, but it should surely be possible to fine the PERSON or PERSONS that were responsible, and insist they pay from their own over-inflated salaries and not be recompensed from the public pocket.

0
0
Uzi
Unhappy

Redirecting funds

How about, fine the department and instead of having the money paid to the treasury, have the fine either paid to any victims of data loss, or since it is taxpayers money give it back to taxpayers in some form of tax reduction/credit whatever. Yeah I know, as if that would ever happen...

0
0
Flame

@anon - accidental breaches

It says reckless as well as deliberate, I would take reckless to mean accidental breaches stemming from poor or non-implemented process routines, or any other breaches that could have been prevented had the proper precautions been taken (but weren't).

And fining a government department might not seem like a good idea, but if it isn't good, i think it's at least an OK idea. It might just be about shuffling some money from one department to another's coffers, but you can be pretty sure that the person(s) (or scapegoat(s)) found responsible for the loosing of face and money (for the department) will find their personal carriage of the gravy train left behind at the next station. This will hopefully at least mean that tighter controls will be put in place (if not for any other reason than just to save one's own bacon.. or gravy.. or something)

I for one am looking forward to the first government breach and subsequent hanging of the proverbial French monkey so we can all applaud the poor sods levitational powers like a live Trisha audience, safe in the knowledge that this will surely somehow make the world a better place. If your knowledge of crap TV is limited, try imaging a hundred seals with red balls clapping their hands and going 'Au!' 'Au!' 'Au!'.

0
0
Go

@Eddie, Liam, ACs ....

if you remember the series Yes (Prime) Minister, there are about four episodes in which Sir Humphrey explains very clearly to the Minister that the Minister is responsible for **ck-ups in his department (not in such terms, of course). So ... start fining Ministers, not departments, and make it personal. Also given the amount of public trust implicitly placed in public servants such as Ministers, add a 10x multiple on the fine. Oh, and MPs on select committees are responsible for supervising Ministers, so lthey should share the pain.

After all, there can;'t be a single MP out there who wouldn't vote for such a proposal, because they're all "cleaner than clean" and would have nothing to worry about - so if they do vote against it, Inspector Knacker can start asking them why.

PS My personal favourite Yes (Prime) Minister is the one where Hacker suggests civil servants, given their job security and bullet-proof pensions etc, should be paid as if they were directors of Charities, not compared with commercial/enterprise salaries unless they are taking same risks ("in undustry, if you make a mistake, you get the boot; in the civil service, if you make a mistake, <i>I</i> get the boot")

0
0
Boffin

@ Eddie

Whilst I agree entirely with your comment number 1... I feel you may have overlooked the fact that by fining itself, the treasury will supply funds to service the fine from one department account (the supply of nice crispy fivers from the general public) and pay it into another (the supply of nice crispy chardonney to the senior manager) whilst also encouraging economic growth (the supply of 15% fresh crispy tax) to another department (for the supply presumably of crystaline meth to the cabinet - how else can you explain current nu-labour-itis)

Oh, and @ Frederick Karno, I really could not have put it better myself.

0
0
Flame

yes minister

Remember that according to UK practice - it is not criminal to be incompetent as a minister - personal responsibility due to ignorance and lack of competence are excempt for ministers in the UK. This is the only group of professionals who are specifically excempt by law from any personal responsibility due to grave incompetence. All others can be penalized... the further down on the food chain - the more likely that this happens...

so at the end of the day it would be the clerk who is found 'guilty' and not his manager...

0
0
Anonymous Coward

Penalties

If the data protection commissioner has only now just been awarded powers to fine people, what penalties were they able to levy before, none?

How can you enforce a law if you don't have any powers to punish those that break the law?

It never ceases to amaze me at the stupidy of legislation formed by by this NuLabour government.

0
0
Anonymous Coward

@AC Yes minister

why? Why not make it an offence to be incompetent in your job if you're being paid by the public, can vote your own pay rise, can totallly fubar entire nations and then get an index-linked pension?

0
0
This topic is closed for new posts.

Forums