05 Dec 2011
The European Commission is pushing for the power to fine businesses up to five per cent of annual turnover for breaches of privacy rules, according to a draft of the Data Protection Directive to be unveiled in the new year.
Documents seen by the Financial Times suggest that the EC's proposals will also impose mandatory notification for all companies within 24 hours of any data breach, as the institution looks to strengthen citizens' privacy.
The document contains provisions for any organisation with more than 250 employees to appoint full-time staff dedicated to data protection, a system not currently enforced in all EU member states.
Elaine Fletcher, a senior associate at law firm Eversheds, told V3 that some of the proposals outlined by the EC could be hard to implement and a burden for many businesses.
"A 24-hour notification system could be very onerous on firms and difficult to conform to as it's not easy to establish when a breach actually occurred," she said.
"Furthermore, a five per cent turnover fining regime is an interesting mechanism to choose, as the UK authorities decided against such a system when issuing powers to the Information Commissioner's Office (ICO), as have other member states."
She also noted that a regime requiring firms over a certain number of employees to have dedicated data protection officers failed to take into account the fact that some large firms may not process any sensitive data, while smaller firms that did would avoid the obligation.
Is this a data breach?
A strong deterrent has been needed for some time. I was 'banned' from accessing my data and information for a period of 20 months when my statutory data querying rights were taken away by Cheshire West and Chester Council (under threat of being pursued through the courts using public money). I didn't breach their 'ban' during all of this time, but there is a loophole in the existing legislation. The Information Commissioner cannot investigate a situation like this unless the subject of the 'ban' makes an FOI request - only then will the ICO go after the organisation (because the only justification for not releasing data is through the use of an exemption within the Act). As the situation stands, irresponsible public bodies have a perfect way of concealing potentially immoral, illegal or compromising information which they don't want to get out and do damage to their reputations. I am hoping that the European Commission can take notice and come up with a deterrent to prevent this sort of thing, which flies in the face of any concept of openness or transparency and directly breaches the organisations' own internal FOI and DP policies.
Posted by: Paul Cardin 05 Dec 2011