The Information Commissioner has called for the commencement of the custodial element of the section 55 offences and expressly criticised data protection compliance by local authorities as being “very bad”. He also criticised data controllers, especially in banks and financial services, as being uncooperative in relation to …
Why would any company/organisation invite an audit if they have any deficiencies? I find it disturbing that Data Controllers are not cooperating: clearly they haven't got the point.
Cut the crap and make audits compulsory and immediate if serious breach is indicated.
Well I'd imagine that you or your staff would have to service the auditors, meaning that you wouldn't be doing your normal job. In addition, you would probably have to provide a number of extra reports that the auditor could review, which someone would have to spend time producing.
Next; you'd have to justify to someone that time (=money) is being spent on this audit, and that outsiders would have to be let in to see things, or internal things will have to be released to outsiders.
But then the kicker; What do we get out of it? How much does it improve the shareholder dividend?
Then add in some fear; how much do you like someone looking over your shoulder? What happens if they say that something is bad; how is that reflected in your pay packet (no pay-rise / P-45)? Do you not have enough problems already with users, managers, etc?
So the Information Commissioner wants
Maybe he should explain his priorities to his staff.
I reported three insurance companies for sending patient bank account details to our hospital. The response can be summed up in two words.
Bit of consistency might be useful Christopher.
"the going rate is about £100 to £150 per offence"
Can the release of 87 patient records be shown as 87 separate offences, so that a proper, decent fine may be imposed? (Or does that count as perversion of justice?!)
Why the hell do they need someone's DNA just because they ran a query on a CRM system?