The Information Commissioner's Office (ICO) would have the power to fine organisations up to £500,000 for serious breaches of data protection principles under plans announced this week by the Ministry of Justice. The consultation, Civil monetary penalties - setting the maximum penalty, asks just one question: whether the …
I guess that as usual all government bodies will be exempt as they can "learn lessons" and conduct root and branch reviews rather than actually fix their problems!
If only they actually practised what they preached.
They can leak our information non-stop all the time yet they still get paid their bonuses, but if a private sector company leaks info then that's just unacceptable.
Hanging's Too Good For 'Em
"we consider it desirable that the maximum amount of the penalty should not be higher than the equivalent of 10% of the highest annual turnover of a small company."
Small company.. 10%.. what now? How is that in any way relevant to a Government department losing half a million drivers' details / patients' records / pay details for undercover police / addresses of army staff / etc.?
Oh it's not meant to be.. because the Government knows it's more than likely it will fall foul of this law several times and doesn't want to sting itself with massive fines. There shouldn't be a cap on the amount and the fine itself should get put into a charitable causes pot.
Will this apply to govmt organisations too?
Given their rich history of losing our stuffs...
Maybe the fine could take the form of a tax rebate for all those whose data is lost in that case...
So I guess the proceeds from any fine would go into the exchequer.
In which case, when the gubmint gets its fines (this is sure to happen, right?), this money would come from the exchequer and go... back in the same pot?
Or maybe, it should go back to us taxpayers as a rebate? Stop laughing at the back...
What is ACTUALLY required, IMHO, are criminal sanctions against the individuals concerned, and not just the lowly scapegoats who get the blame for data leaks, but their superiors who put them in a position to leak the data and, through negligence, allow it to happen. I would dearly love to see those senior civil servants and government ministers serving time for their wilful disregard for the privacy and rights of us minions, er.. sorry, voters. Same goes for those in big business who think that profits are more important than the rights of their customers. God forbid that there would ever be any cross-over between these two groups, of course...
Junk Fuel .....Sub Prime Ministerial lines
Are the Labour Government on crack?
If only that were true, the much more terrifying reality is that they're stone cold sober!
"Are the Labour Government on crack?"
They're probably just on stupid.
If the small company's sole business is breaking the act?
If the small company's sole business is breaking the act (as was the case recently with a couple of agencies), 10% is a very reasonable fee to do business. Almost like a licensing regime.
So if some company keeps a record of my preference in chocolate (or something equally harmless) it may be fined half a million pounds. But if the police arrest me on a trumped-up charge, they can take and keep my DNA (probably the most important and critical personal data I have) more or less indefinitely.
By the way, if any MOP (member of the public) chooses to ring up the police (anonymously if they prefer) and accuse me of assaulting someone, odds are the police officer who deals with the call will begin by arresting me - before doing anything else, such as finding out the facts.
why a maximum fine
why not set a fixed 'per item' fine based on the severity of the data leaked, that way the difference between losing 20 meaningless items of data on 20 people can be differentiated from losing the entire country's medical records, for example.
why can no-one do maths anymore?
"However, we consider it desirable that the maximum amount of the penalty should not be higher than the equivalent of 10% of the highest annual turnover of a small company."
That makes no sense whatsoever.
A percentage is a proportional figure that can be applied to many different actual figures to give the same proportion.
So in order to confuse, we are being apples and oranges - 10% of turnover of small company should be the same PROPORTION as 10% of a large company.
10% of the highest turnover of a small company IS NOT a comparable figure unless you define what a small company is or the highest and lowest turnovers are for such companies.
This is merely a statistical way to make it disproportionately in favour of large companies on whose board government ministers sit.
Criminal sanctions on INDIVIDUALS is the only way to go. Fines don't go to the victims of data loss.
"a penalty up to 10% of an organisation’s turnover."
So if the MOD or the Security Services or the Government lost our data, how much could they be fined?
Except, of course, they're funded from the public purse, so the money would go back to the public purse and the net result would be nothing (except some fat fees for a few lawyers, perhaps).
Now if the money was actually put into teaching such organisations about data security, password protection and file encryption for instance...
... nah, that would be sensible, forget I mentioned it.
Evidently watchdogs just don't need them.
Data Protection Act
1998, not 1988.