From Tuesday 6 April, the Information Commissioner’s Office (ICO) will get enhanced powers to fine organisations up to £500,000 for serious breaches of the Data Protection Act. Previously the maximum fine was a paltry £5,000. The tougher measures will be imposed alongside compulsory audit notices to central government …
Huge fines are simply vacuous posturing by a puppet regulator that has failed the public time and time and time again.
The ICO, in their own estimation, can't comprehend the IT industry they are meant to regulate.
Welcome Mat, because I'd welcome a change of personnel at Wilmslow to accompany this announcement.
Only possible because they're leaving..
New Labour couldn't afford to be fined out of their trousers by their mismanagement. Now they're leaving (well, hopefully conclusively thrown out) they try to set up problems for the next incumbent who will have a job fixing the mess.
That's my view anyway.
NuLabour tries to look tough to data subjects
It only took them 13 years to do so.
Thumbs up (eventually) for giving the ICO some teeth.
I wonder if it will persuade people that all that data (most of which is only being gathered at the behest of assorted data fetishists within the Civil Servant and their assorted junior minister sock puppets) is safe in their hands?
31 days likely, 66 days maximum.
Compared the DPA with PCI DSS?
Holy crap, I hadn't realised the DPA was so utterly and unspeakably useless from conception to audit that it could be compared with PCI DSS!
If it is only half as irredeemably shite as payment card "security" then we should just scrap it now.
Hope this applies to the Police
who seem to be a MAJOR ignorer of DPA 1998 laws,along with other Govt bodies.
Criminals 'r' Us Labouring as Incompetent Politicians. J'accuse.
And who will be the first to realise that the Public Purse can be milked and bilked for millions with the careless deliberate release of supposedly secure information by departments looking for more funding, for how does the Government fine itself without it being thought of another dodgy stealth tax racket dreamt up by the seriously deluded and patently unhinged?
PLus how many nasty little cowboy IT security companies are lining up, ready to offer shite services to firms desperate to ensure they don't get stung by this?
Wheres my quid!
So how much will every tax payer in the country get from all the fines after the Gov forks out for the utter foul up's of lost data...so off the Gov foul ups last year alone thats somewhere in the region of £1 per person Brown owes us...we can but hope anyhow!
Cost their organization?
What? People who for any reason have data in their possession that may be covered by the DPA should be personally responsible for it!
If some spiv can't be bothered to learn how to operate their tools beyond clicking on the blue "e", then they are not qualified to have access to such data, full stop. If they can't learn, fire them and get someone suitable for the job.
"Lose that laptop, and it'll cost you £500k" will stop their farting in church.
Exactly! Well said!
Same with anti-money laundering in the financial sector, you as the individual are respsonsible for reporting suspicions, failure to do so results in large fines and prison terms for the schmo at the bottom right through to the director at the top.
As with AML, ignorance is no excuse!
Not quite enough
It should be up to £500k per breach. Which would mean "per record". So if you lose a laptop with 1,000 records on it; that's a fine of £500,000,000. Which is, quite simply, bankruptcy and the company going under.
THAT should focus the minds of the CEOs, CIOs and COOs into actually DOING THEIR JOBS.
If, of course, the board members have ensured that all removable media/devices are properly encrypted (or that data can't be taken off-site, period) and that staff are trained in maintaining data security; then any breach would only receive a minimum penalty (if any at all).
However, this is the ICO and Labour are still in power (and very friendly with big business). Another bunch of toffs are about to come in and shaft the public again with their corruption; so nothing will actually happen and we will continue to get screwed over by these arseholes.
Plus ca change.
Fines are not enough
Fines do not change things, because organisations will just pay them. It is about time prison sentences got mendated for the people IN CHARGE. Don't send the poor schmo who never got told of his obligations, send his boss to the slammer for a few years. Maybe then, with personal freedom at risk if they do not protect the data they are intrusted with, will they finally take action.
The ICO fines, say HMRC, and the money goes where, exactly?
Hold senior managers...
...or board members personally liable. They get paid enough to "take risks" and "shoulder responsibility", time they actually faced some risks and took responsibility!
This is gesture politics of the worst kind. The ICO has shown itself to be incompetent and lacking the guts and balls to hold companies and the government to account. This gesture will not change the fact that my large left testicle has more balls than the whole of the ICO, which is patently unfit for purpose.
Data regulatiion breach
This revelation of personal information falls into the category of disclosure of data likely to disturb others -- in this instance, the voluminous condition of your left testicle and the way it appears to be in multiple occupation.
Please desist from further disclosures otherwise I will have to report you.
(Note: the ICO doesn't know what it's supposed to regulate, still less enforce, so the chances of it taking action in your case are high.)
* Paris, because some disclosures are in the pubic interest.
Who pays the fine?
So a Local Council is fined for losing local council tax payers data - who pays - the local council tax payers.
A Bank is fined for losing customers data - who pays - the customers in increased bank charges and interest rates.
A Hospital is fined for losing patients data - who pays - the patients in reduced services to cover the shortfall in funds.
Who never pays - the prat that lost the data!
Tuppence a go
£500,000 works out at about 2 pence for every one of the 25,000,000 records lost by HMRC in the debacle over lost disks. Of course, government is exempt from the fines. This is just a smokescreen so that Labour can be seen to be doing something and getting tough with people, creating a distraction from the Govt's own failings.
One problem nobody seems to have commented on much is that once your date of birth, National Insurance number and mother's maiden name are in the hands of the bad guys, you can't get make them secret again, fines or no fines, or change them (unless the whole country goes into the equivalent of a witness protection programme!).
"Don't send the poor schmo who never got told of his obligations, send his boss to the slammer for a few years."
I think there might be a whole lot more lost data happening...
This will only affect the NHS
The ICO lack the skills, knowledge and appetite to go after the private sector, so will simply engage in rearranging the money in the government's trousers at horrific expense.
Finding problems with the NHS' information security is like shooting fish in a barrel.
Plus, they know that by picking on public sector organisations, no-one will be sacked. So everyone can sleep easy.
I think 100 fold is a little larger than 100 times.
If the new fine was 6,338,253,001,141,147,007,483,516,026,880,000 per offence then it would be 100 fold.
I think the current increase is about 6.65 fold..
DPA hot air
Underwhelming news at best. Who wants to hand out a chunky fine when we're being told that the beginning of the end of the recession is in sight? And an outgoing government? Will a new government have the appetite for this? And if the penalties aren't actively applied then what strength does this really have?
- Geek's Guide to Britain BT Tower is just a relic? Wrong: It relays 18,000hrs of telly daily
- Product Round-up Smartwatch face off: Pebble, MetaWatch and new hi-tech timepieces
- Review: Sony Xperia SP
- Geek's Guide to Britain The bunker at the end of the world - in Essex
- Dell's PC-on-a-stick landing in July: report