back to article Data breach howlers to get up to £500,000 fine

The Information Commissioner's Office is threatening to slap penalties of up to half a million pounds on data controllers who are found guilty of serious breaches of the Data Protection Act. According to a statement on the Ministry of Justice's website, the government is pushing for Parliamentary approval of its Civil Monetary …

COMMENTS

This topic is closed for new posts.
  1. Jeff Green

    Can the Government afford this?

    Given it is mostly the Home Office that gives data away!

  2. Anonymous Coward
    Grenade

    please please

    let him leave a memory stick on a train with the information...

    1. Fred Flintstone Gold badge

      Pointless

      It would merely result in your tay money being wasted somewhere else, with a lawyer in the middle taking a good slice..

  3. asiaseen

    The problem

    with that idea is that, because the worst offenders are government and public bodies, it's the taxpayer who will be footing the bill.

  4. Anonymous Coward
    Anonymous Coward

    Corrupt Law

    If people don't want to give details then they should not be compelled to do so.

    The fine is not for the people, it is for the UK government, their chandeliers, sanitary towels, and moats.

    In instances where the UK government allow for data breaches generally about information no one really wants them to hold in the first place, they are just fining themselves.

  5. LinkOfHyrule
    Coat

    £500,000

    £500,000 is a lot to a small firm or small organisation, but it's peanuts for a bank, supermarket, avereage large government department (which shouldn't not be fined anyway as its our money).

    If the personal details of half-a-million people turn up on the 19.35 from Waterloo or in the bins round the back of Lidl then the fine provided it's the maximum works out at £1 a pop! Seems light to me! Surely something like 25% of profits or £500,000 (which ever is greater) would be an actual deterrent for organisation such as banks who have been known leave all sorts of random data out in the street or send it via email to strangers!

    Mine's the one with your personal data in the pockets!

  6. Martin Gregorie Silver badge

    Wot abaht the Gummint?

    Thats all very well and good if somebody in the private sector drops a bollock. However, what happens when the next civil servant looses an unencrypted disk: Who gets blamed? Who gets fined? Who pays the fine?

    I bet the answers will turn out to be: nobody, the departmental budget, the poor bloody taxpayer.

    Odd, that.

    1. N2 Silver badge

      25 million answers

      On two CDs despatched by TNT mail for next day delivery

  7. Gus McKay
    Flame

    Not effective

    There may be good things in this bill; I don't know. Sadly, all I need to do to consign it to the disappointingly large pile labeled "ineffective legislation for propaganda purposes" is read the max penalty.

    ID theft can cost victims thousands, and relevant failures regularly affect thousands or millions. How about a modest penalty of up to £1000 per victim? £500,000 is so much less than it would cost to fix data security in many organizations, making it too easy to justify paying up, rather than fixing things.

  8. Andy Livingstone

    Going in the wrong direction

    Forget fines.

    Legislation should be for naked photos of all Board Members of the appropriate Organisation to be posted on the web.

    For Government Departments it should apply to all Front Bench Spokesmen for the Department together with their top level Civil Service team.

    Perhaps they might take personal data a little more personally and seriously.

    1. Anonymous Coward
      Stop

      Naked photo of Gormless Brun?

      No thanks!

    2. Fred Flintstone Gold badge

      No can do..

      Just putting them out naked is (a) not good enough (you're only making sure companies will hire exhibitionists for the job) and (b) a potential hazard to children. Put them then at least in stocks, and generate extra revenue (unit price + VAT) on the sale of rotten tomatoes in the vicinity, ripe for deployment.

      I deem it then less likely that they will get many to re-offend.

      What I would really want is 3rd party providers be compulsory declared. Some companies buy lists, and as they have no duty to to tell you provided the data you can only ask the company to delete you, but the original list is still sold on, leaving you to play a whack-a-mole game with new spammers. This is, incidentally, also a loophole in teh DPA - if I ask YOU for data I'll have to jump through all the hoops. If I get your friends to tell me about you, you will not be asked permission, yet the data can still be sold legally (AFAIK).

      I now email every spam from UK companies to the ICO. With a bit of luck they will actually start looking at this (or put me in the junk filter) :-). Feel free to join me.

  9. John Murgatroyd

    Not much at all...

    One presumes that the fine is being increased because of this case:

    http://www.theregister.co.uk/2009/03/06/ico_raids_database/

    In which case the penalty enacted upon the guy running the database will increase from this:

    http://www.out-law.com/page-10178

    1. Mark C 2
      Thumb Down

      10 quid

      ..says all Government departments are exempt from this law.

      Wouldn't want Civil Servants abiding by the same laws as us tax-payers/voters/lowly scum now would you.

      Anyway, the penalty should be applied to the Data Controller that is responsible, not the organisation. A novel idea I know.

    2. Anonymous Coward
      Thumb Down

      10 quid

      ..says all Government departments are exempt from this law.

      Wouldn't want Civil Servants abiding by the same laws as us tax-payers/voters/lowly scum now would you.

      Anyway, the penalty should be applied to the Data Controller that is responsible, not the organisation. A novel idea I know.

  10. Flocke Kroes Silver badge

    Half a solution

    A penalty for failure does by itself not teach people how to succeed.

  11. heyrick Silver badge

    Civil Monetary Penalties

    Civil Monetary Penalties

    ^^^^^

    Would this exempt the government, the prime data-loser in recent times?

  12. dracnoc

    Here's an idea...

    If one of those G'ment lot get let loose with a bunch of data in a public place, then their actions should be classed as treason against the state - life imprisonment without parole. That should get their bloody attention.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019