V3 readers back European Commission's tough data protection proposals

V3 readers have overwhelmingly backed tough European Commission proposals to fine organisations up to five per cent of annual turnover if they break privacy regulations, according to the results of our latest survey.

Documents seen by the Financial Times early in December also proposed that any organisation with more than 250 employees should be forced to appoint full-time staff dedicated to data protection.

They form part of the draft for a new Data Protection Directive, which is set to be unveiled in the coming months. The document also suggests that the commission will propose mandatory notifications for all companies within 24 hours of any data breach.

Currently the US leads the way in data protection legislation, having instituted mandatory breach notification laws in most states since the early 2000s; however, there are no strict financial penalties there similar to those being proposed by the European Commission.

Despite the harsh fines proposed in the document, a whopping 87 per cent of V3 readers claimed that such a move would encourage firms to better protect customer data.

With hacktivists such as the Anonymous online collective joining the fray, customer data has never been more at risk, whether the perpetrators want to post it online to Pastebin to make a socio-political statement or sell the personal details on underground internet forums.

This may explain why a further eight per cent of V3 readers went on to say that, if anything, the maximum fine for firms that break privacy regulations should be even higher.

However, a small number maintained that such high fines are not the way forward.

Two per cent of V3 readers argued that although the law needs strengthening in this area, five per cent of turnover is too high a fine to impose. A further three per cent said the current penalty system used by data protection watchdog, the Information Commissioner's Office (ICO), is adequate.

The ICO currently has the power to fine organisations up to £500,000 for serious breaches of the Data Protection Act, although it has been accused in the past of pulling its punches by giving too many firms the benefit of the doubt.

Its biggest fine to date was in December 2011 when it fined Powys County Council £130,000 after details about a child protection case were sent to the wrong recipient.