Public sector faces hefty fines for data breaches

UK state-sector organisations could face seven-figure fines for data breaches, according to the review of data sharing ordered by the prime minister. In a wide-ranging report, which also recommends the scrapping of the edited electoral roll, information commissioner Richard Thomas and Mark Walport, director of medical charity …

COMMENTS

This topic is closed for new posts.
  1. Gordon Pryra

    What the bloody hell is a fine going to do to a government department?

    How stupid do they think we actually are?

    Throw the bastards in jail if they give/sell/lose our data

    And they think we trust them with the ID cards?

  2. david

    Hang on a minute...

    ...where does the money to pay the fines come from...

    ..and go to for that matter...

    I think the snake might have just swallowed its tail.

  3. Anonymous Coward
    Thumb Up

    And without charge please

    "The report also says that the public should generally be able to see their own data online"

    Simple way to achieve that would be to abolish the ability to charge subjects for access to their own data.

    Making it available online would be the most obvious way to reduce the cost of providing subjects access to their data.

  4. Anonymous Coward
    Unhappy

    Don't fine organisations - sack people

    Nationwide's bill was picked up by.... their members! Hooray.

    Any council getting fined is going to cost... Council tax payers! Hooray

    Until individuals are sacked for gross misconduct (and losing their pension pots / bonuses too) nothing will change.

  5. Dave
    Happy

    Not fines, gaol time.

    I don't see that fines can have an effect on an organisation funded by tax. They can, and will, just get the money from us.

    For public sector organisations to take data laws seriously I feel it needs to be a criminal offence, applied to individuals, and involve a custodial sentence.

  6. Panos
    Thumb Down

    How do fines for publicly funded bodies work???

    So, if some council cocks up they fine them. So, the money that we pay to the council every month is now used as a fine which goes to the Treasury (or some other government agency). Then the council says, "sorry, no more money, we scrap a few services and we need to put up the tax for next year to cover the shortages".

    That's great, they cock-up, the Treasury gets more money and the council gets the money the year after anyway. So, they do a bad job and then they all get more money out of us. Any other bright ideas?

  7. John Widger
    Coat

    It's a joke. Isn't it?

    Just shifting taxpayers money around. It isn't even a slap on the wrist.

  8. Ted Treen
    Unhappy

    It's all bo££ocks....

    What's the point of the taxpayer paying a huge fine to er..um.. the taxpayer?

    Wouldn't it be just a teensy bit more effective to make some of these (mis-)managers face their responsibilities and quit - or be fired?

    There MUST also be a provision that they don't simply move to a similar job in the department next door.

    It is prohibited to discriminate on grounds of race, religion, ethnic origin, sexual orientation, gender or age. Are we now expected to add intellectual capacity and competence to the PC-list of no-go areas?

    Pah! A plague on all their houses!

  9. NB
    Pirate

    oh for fucks sake

    OK, normally I don't foam at the mouth this badly but

    WHAT FUCKING KOOL-AID HAVE YOU BEEN DRINKING YOU COMPLETE AND UTTER FUCKING RETARDS!?

    Fining a Govt body is utterly pointless as we, the taxpayers, will still be paying for it. This is just another pointless, idiotic, waste of time and money designed to calm the less educated members of our so-called society that are too bloody stupid to work out that this achieves nothing.

    Make the fuckers legally accountable and imprison the culprits who are to blame for losing data or breaching data protection laws. That's what we need here. Hefty prison sentences and/or unemployment, never to return to the public sector in any way shape or form. People need to be held PERSONALLY accountable for these situations and they need to be made to suffer when they fuck up. Only then will they really take it seriously.

    As for being able to view our data online, considering the quality of the 'mylifemyid' site and this Govt's pathetic record on data security and IT in general. I think I'd be very worried if they tried to introduce this unless it was contracted out, not to the lowest bidder, but to a company with a good record on security. I.e. not Microsoft for a start.

  10. Steven Jones

    Fines

    Remind me - who pays if my council gets fined? Oh that's right - it's me; or I suffer by loss of service. It's about time that the penalties were aimed at those who transgressed the law; that way it might focus minds so it is the real perpetrators who pay the consequences. In the case of fines against a company, then it's the shareholders who get hit who can take it out on the board. If it's a public body, especially an unelected one, it just makes work for lawyers and accountants and the rest of us get stuck with the costs.

  11. Andy Livingstone

    Two Registers?? No security??

    The Information Commissioner is currently investigating how my own data was provided to an Organisation that was content to confirm its source in writing as the Voters Register. That's despite my having an X for "no publicity" since the option was provided.

    How much security is that and how will it improve if these suggested changes come about?

    Is it really wrong to fine the Council? Not if it is the full amount obtained by selling data, surely? Zero cost to Taxpayers.

    Write the Council Chief's Terms of Employment to require P45 and loss of accrued pension on data security failures.

    Civil Servants used to sign letters as "Your Humble and Obedient Servant". They are the Masters now.

    Don't even start me on the Planning Department !!

  12. Aodhhan

    You ding dongs

    The fines are for PRIVATE SECTOR companies.

    Do you actually read the entire article, or only those words containing less than 5 letters? ...and then jump on the bandwagon of another who bashes gov't?

    For government organizations: Responsible individuals at least are fired. Many countries are passing laws which will land offenders in jail as well as compensation. So you may not get the government entity, you can at least get the person who didn't meet compliance.

    With the many options for encrypting data at rest at affordable prices, there really isn't any excuse. However, no matter how idiot proof you make something... someone will find a way to build a better idiot.

  13. Steven Jones

    @Andy Livingstone

    "Is it really wrong to fine the Council? Not if it is the full amount obtained by selling data, surely? Zero cost to Taxpayers"

    Uhm - so the damage has been done to me by my data having been sold yet I still don't get the benefit in reduced council charges or improved services? Perhaps they could pay this fine that magically matches the sum earned straight to me.

    There's also the little point that fines and other criminal sanctions are meant to cause some inconvenience to the miscreant. It's not meant to be something that just nullifies the amount earned by the misdemeanor. Those who cheat on their tax bills have to pay the missing tax and a fine on top. Those who don't buy a TV license still have to buy a license, but they pay a fine on top.

    I have a better idea - why not make part of any senior manager's salary liable to a deduction for such offences up to a certain limit (I'm not vindictive). A level of group responsibility would be involved here, and some would lose out if the failure was in another part of the organisation. That might sound unfair, but no less so than those that see the value of their shareholding decrease due to a corporate fine even though they, personally, had nothing to do with the action in question. However, what such group responsibility does do is focus minds - shareholders who would lose all their investment if an airline had a poor safety record are going to make sure that is sorted out. The same with group responsibility for senior enough managers in public bodies.

    Nb. I've no problem with senior managers in private companies being so treated as an alternative to the shareholder picking up the bills.

  14. Lukin Brewer

    Fining government departments.

    I'll tell you what happens when you fine a government department. Each department has its own annual budget, set by the Treasury. The fines come out of this. They cannot just reach into the "public purse" and grab the cash. They do not get an extra allowance to cover the fine, either in the current financial year or the next financial year. While it would not be impossible to divert more funds to them, this would be a naughty and underhanded action, and would cause a rash of senior refusals-to-resign if it came to light.

    So the department has to tighten its belt and make cuts. Sometimes this produces a reduction in headcount, but I don't think that these were the sort of sackings that previous commenters were calling for.

  15. Brandon
    Paris Hilton

    operant conditioning, my friends...

    The person or persons that stole the data are the ones responsible. If I leave my keys on a table at a friend's house, and another guest takes them and steals my car, should the government fine the home owner for not having better security?

    NO... they should string up the person that stole the car from a light pole, or bring back the stockades, so we can all throw salmonella infested tomatoes at them. In the case of the data thieves, THEY should get the 1m in fines... make them slaves to the people until they pay off their debts. I could use a house-keeper!

    Paris, because she's all the fine anyone needs...

  16. David Beck
    Thumb Down

    @Aodhhan

    From the article I read -

    'On 10 July 2008, Walport conceded that, in the case of public bodies, fines would involve taxpayers' money moving from one organisation to another. But he told GC News: "An organisation that hasn't got the right procedures (and is fined) will be in trouble at the top. A fine isn't everything, but it sends a pretty bad signal."'

    That sounds like fining the taxpayer to me. How do you read it?

    "trouble at the top"? Sounds like "payoff, 7 figure pension pot, CBE" to me, I've seen the results of those "bad signals" before.

  17. Anonymous Coward
    Flame

    Jail time

    So, who gets to go to prison? Is it the spotty sixteen year old who doesn't know better and is just doing what they are told or their manager or senior managers or corporate directors? I guarantee that it won't be the ones at the top.
