back to article ICO rules against British Council

The Information Commissioner's Office (ICO) has found the British Council in breach of the Data Protection Act after the loss of an unencrypted computer disc Details lost include sensitive personal information relating to trade union membership of over 2,000 members of staff. The British Council reported the data breach to …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Thumb Down

    Toothless ICO

    > Failure to meet the terms of the undertaking would lead to further enforcement action by the ICO.

    Oh, no! The British Council must be quaking! They might have to sign ANOTHER piece of paper!

    Come on, they lose the personal information of 2,000 individuals and all they have to so is say they won't do it again. Jeez. I want resignations!

  2. Anonymous Coward
    Anonymous Coward

    You've got to be kidding

    An unencrypted CD arrived at offices here only this morning, delivered by our favourites, TNT. Lessons? Learned? Come off it.

  3. Wokstation

    Heaven Forbid...

    "the ICO has required the orgnisation to sign a formal undertaking of reasonable measures to keep personal information secure in future."

    Yes, heaven forbid the ICO actually punish them...

  4. Anonymous Coward
    Joke

    OK...

    ... so the crime of failing to protect people's data is punished by... er ... being told to protect it in future. And if you don't do as you're told, we'll ... er ... tell you again!

    Scary stuff indeed. No wonder our institutions are so good at protecting people's data.

  5. John Imrie
    Unhappy

    Proactive reporting?

    The British Council proactively reported the breach to the ICO

    Why not proactivly protect the data instead?

  6. Anonymous Coward
    Anonymous Coward

    Oh my, we're doomed!

    In line with government standards? so basically 'SNAFU, but don't tell anyone!'

  7. RW
    Flame

    Where are the teeth in all this?

    Who was it that said treaties were just "pieces of paper", to be torn up and thrown away when they'd run their course of usefulness? Hitler? Stalin? Bismarck?

    Signing a pledge is so useless and ineffective as to be risible. Excuse me for a second while I laugh appropriately: ha ha ha ha ha ha, you've got to be kidding!

    It's time to make explicit the linkage between executive pay and performance, by making organization heads *personally* liable for fuckups like this. If whoever's the head of the British Council had to pay, say, £200 per person whose data was lost, I think you'd soon see the British Council become a model for guarding data.

    Since modern management methods include rejection of the premise that the buck stops on anybody's desk, least of all the head man's, it's time for teeth — and sharp ones! — to be embodied in the law. I will, however, be kind and generous and exempt from such draconian penalties pay up to the amount made by the lowest paid person in the organization.

    The equation then becomes explicit: you want all that extra pay? Then do the work involved. You're not allowed to take credit for what goes right if you don't also accept responsibility for what goes wrong.

    The idea has to be expunged from society that once you get the pay and perks of being in management you are free to do anything you damned well please. Quite the contrary: given the excessively high pay to executives, it's only reasonable to hold them to an equally excessive high standard of behavior.

    PS: There's an objection to this scheme: it would encourage organizations to hide their malfeasances. Let's deal with that by increasing the fine ten-fold if there's evidence of hiding the facts.

  8. Tom
    Joke

    Don't forget to...

    make sure it's a good password (say P@ssw0rd) and write the password on the disc.

This topic is closed for new posts.

Other stories you might like