20 Apr 2011
The Information Commissioner’s Office (ICO) has issued just four civil penalties since obtaining powers to issue fines for Data Protection Act (DPA) breaches.
The fines, which cover just one per cent of all data breaches reported since the ICO's powers were extended to include monetary penalties a little over a year ago, total £310,000. The maximum fine that can be imposed for a single offence is £500,000.
The figures, supplied in response to a Freedom of Information request from encryption firm ViaSat, also revealed that during the period the privacy watchdog had only penalised seven private sector organisations, compared to 29 in the public sector. Of the four fines issued, only one was to a private firm.
An ICO spokesman defended the seemingly meagre use of its powers to hit organisations where it hurts – their bank balance – saying the penalties were a big stick that it did not always have to use.
“Our focus as a regulator is on getting bodies to comply with the DPA. This isn’t always best achieved by issuing organisations or businesses with monetary penalties,” he said.
“[However] the existence of civil monetary penalties has had a markedly beneficial effect on compliance generally.”
Presumably, new powers welcomed by the ICO today will be used in a similar way. The privacy watchdog can now issue fines for the most serious incidents of firms making unwanted marketing calls or sending unsolicited marketing emails to consumers.
This change – along with other powers granted to the ICO – will come into force as part of an amendment to the UK’s Privacy and Electronic Communications Regulations on 25 May.
The ICO spokesman told V3.co.uk that the action taken depends on the details of each individual case.
Monetary penalties are served only once the Information Commissioner has satisfied a strict set of criteria. This includes evidence that the breach could have caused substantial damage or distress to individuals and that the organisation knew, or ought to have known, that there was a risk that a breach may occur.
“We will always consider the imposition of a monetary penalty where these criteria are met,” he stated.
More penalties needed to increase compliance
Perhaps if the ICO started fining more often they could really make companies that are taking a lax view of data security sit up and pay attention. If they saw other orgs getting made an example of then I think they would start taking preventative measures, such as enforcing the use of a laptop lock by employees at all times. Which? are calling for tougher penalties for data breaches http://bit.ly/ksEz92
Posted by: Mari Saona 22 Sep 2011