back to article Data breach howlers to get up to £500,000 fine

The Information Commissioner's Office is threatening to slap penalties of up to half a million pounds on data controllers who are found guilty of serious breaches of the Data Protection Act. According to a statement on the Ministry of Justice's website, the government is pushing for Parliamentary approval of its Civil Monetary …

COMMENTS

This topic is closed for new posts.

Can the Government afford this?

Given it is mostly the Home Office that gives data away!

2
0
Grenade

please please

let him leave a memory stick on a train with the information...

1
0
Gold badge

Pointless

It would merely result in your tax money being wasted somewhere else, with a lawyer in the middle taking a good slice..

0
0

The problem

with that idea is that, because the worst offenders are government and public bodies, it's the taxpayer who will be footing the bill.

1
0
Anonymous Coward

Corrupt Law

If people don't want to give details then they should not be compelled to do so.

The fine is not for the people, it is for the UK government, their chandeliers, sanitary towels, and moats.

In instances where the UK government allow for data breaches generally about information no one really wants them to hold in the first place, they are just fining themselves.

0
0
Silver badge
Coat

£500,000

£500,000 is a lot to a small firm or small organisation, but it's peanuts for a bank, supermarket, average large government department (which shouldn't be fined anyway as it's our money).

If the personal details of half-a-million people turn up on the 19.35 from Waterloo or in the bins round the back of Lidl then the fine, provided it's the maximum, works out at £1 a pop! Seems light to me! Surely something like 25% of profits or £500,000 (whichever is greater) would be an actual deterrent for organisations such as banks who have been known to leave all sorts of random data out in the street or send it via email to strangers!

Mine's the one with your personal data in the pockets!

1
0

Wot abaht the Gummint?

That's all very well and good if somebody in the private sector drops a bollock. However, what happens when the next civil servant loses an unencrypted disk: Who gets blamed? Who gets fined? Who pays the fine?

I bet the answers will turn out to be: nobody, the departmental budget, the poor bloody taxpayer.

Odd, that.

1
0
N2
Bronze badge

25 million answers

On two CDs despatched by TNT mail for next day delivery

1
0
Flame

Not effective

There may be good things in this bill; I don't know. Sadly, all I need to do to consign it to the disappointingly large pile labeled "ineffective legislation for propaganda purposes" is read the max penalty.

ID theft can cost victims thousands, and relevant failures regularly affect thousands or millions. How about a modest penalty of up to £1000 per victim? £500,000 is so much less than it would cost to fix data security in many organizations, making it too easy to justify paying up, rather than fixing things.

3
0

Going in the wrong direction

Forget fines.

Legislation should be for naked photos of all Board Members of the appropriate Organisation to be posted on the web.

For Government Departments it should apply to all Front Bench Spokesmen for the Department together with their top level Civil Service team.

Perhaps they might take personal data a little more personally and seriously.

0
0
Stop

Naked photo of Gormless Brun?

No thanks!

0
0
Gold badge

No can do..

Just putting them out naked is (a) not good enough (you're only making sure companies will hire exhibitionists for the job) and (b) a potential hazard to children. Put them then at least in stocks, and generate extra revenue (unit price + VAT) on the sale of rotten tomatoes in the vicinity, ripe for deployment.

I deem it then less likely that they will get many to re-offend.

What I would really want is 3rd party providers be compulsorily declared. Some companies buy lists, and as they have no duty to tell you who provided the data you can only ask the company to delete you, but the original list is still sold on, leaving you to play a whack-a-mole game with new spammers. This is, incidentally, also a loophole in the DPA - if I ask YOU for data I'll have to jump through all the hoops. If I get your friends to tell me about you, you will not be asked permission, yet the data can still be sold legally (AFAIK).

I now email every spam from UK companies to the ICO. With a bit of luck they will actually start looking at this (or put me in the junk filter) :-). Feel free to join me.

0
0
Bronze badge

Not much at all...

One presumes that the fine is being increased because of this case:

http://www.theregister.co.uk/2009/03/06/ico_raids_database/

In which case the penalty enacted upon the guy running the database will increase from this:

http://www.out-law.com/page-10178

0
0
Thumb Down

10 quid

..says all Government departments are exempt from this law.

Wouldn't want Civil Servants abiding by the same laws as us tax-payers/voters/lowly scum now would you.

Anyway, the penalty should be applied to the Data Controller that is responsible, not the organisation. A novel idea I know.

0
0
Silver badge

Half a solution

A penalty for failure does by itself not teach people how to succeed.

0
0
Silver badge

Civil Monetary Penalties

Civil Monetary Penalties

^^^^^

Would this exempt the government, the prime data-loser in recent times?

0
0

Here's an idea...

If one of those G'ment lot get let loose with a bunch of data in a public place, then their actions should be classed as treason against the state - life imprisonment without parole. That should get their bloody attention.

0
0