Re: Fining public bodies
>>Could somebody tell me what the rationale is for ever fining a public body?
Because, like any organisation, they are run by people, people with budgets, and the people who work for those with budgets are in fact real people. You might think that people who work in the public sector are sitting around, being paid above average to fill in the time between when the tea trolley woman comes round with a fresh supply of biscuits, but the world has moved on since then. Public sector workers are under the same constraints as private sector; the bosses really don't like finding a big hole made in their budgets because an employee has done something they shouldn't have, and if they didn't tell the employee not to do it then they are vicariously liable. So if some tool loses an unencrypted mem stick and they were allowed to have it then it's not their liability; if they lose an unencrypted mem stick that they were not allowed to have then they are liable for gross misconduct.
Put it this way, the money being moved by the fine will never directly help anyone, as you say it's just moving it from one part of the government to another, but inflicting budgetary pain really pisses off the directors and the potential (or actual) of this should make them put procedures in place to protect data (or punish the actual rules breakers themselves).
>>Any sanctions should surely be against the miscreants
Yes, but who are the miscreants? Are they the people who lose the stick? Well, not if you "allow" them to hold data in this way, and the only people who can create and enforce the rules are the directors. This is all about vicarious liability; by default those liable are the directors unless they have done everything they can to prevent their employees doing something wrong.
It seems like the answer should be simple, but it ain't.