IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Does the ICO have enough power to stop data breaches?

With two breaches of the Data Protection Act being reported this week, we ask some experts whether the ICO is doing enough to help prevent data losses in the UK?

"The growing number of high profile data breaches, the increase in the ICO's powers and the media coverage of these breaches, have ensured that the issue of data protection has not only become a board level matter for companies, but has also gained considerable public attention.

While the FSA and ICO have different remits and the ICO puts a heavy focus on working with businesses to ensure that steps are taken to stop data breaches happening again, sooner or later the ICO is going to have to use its fining powers in order to show it has teeth.

"A fine makes it very clear to the general public that a significant error has occurred and, although 500,000 may not be a significant amount to a large organisation, the surrounding publicity can potentially be more damaging. It is this that a majority of larger organisations will seek to avoid."

Peter Hall, partner in Wragge & Co's information law team:

"I don't think there is a lack of power now.

"I suspect it is the age old problems of any regulator really, that they've got a lack of enforcement ability, just in terms of actual manpower.

"The major fines [for data loss] have been delivered by the FSA rather than the ICO, so it does sort of signify a different mindset between the FSA and the ICO on these things in terms of how they approach those sort of data loss in the financial services sector.

"It seems to me the ICO tends to leave it to the FSA to wield the heavy stick a little bit.

"Maybe the position we're in at the moment with the ICO is that they're still being a little bit cautious about wading in with big financial penalties against companies. Whether that is the right or wrong approach, you could accuse them of being a bit lily livered."

Edy Almer, vice president of product management at Safend:

"Looking at the case of Zurich Insurance and the 2.2 million fine issued by the FSA, this shouldn't necessarily be seen as a sign that the ICO should raise their fines from the 500,000 maximum that they are currently able to enforce. The fines are already higher than the cost of implementing solutions to properly manage data security.

"If anything, the ICO should issue smaller fines and more often.

"If Europe and the UK do not start acting fast, there will be more instances of this kind and once it's out, the genie cannot be put back in the bottle."

Murray Pearce, director at Vigil Software:

"Although in these cases, fines have not yet been issued, the question has once again been raised on what impact the ICO's powers to fine up to 500,000 have had.

"Is the threat of higher fines alone enough to make organisations take action, or does the ICO now need to act on its new powers to set an example to the industry? Time will tell the full impact of these tougher penalties, but it's certainly true that compliance is providing the impetus for security projects to be approved, that would have been requested by IT managers anyway."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million
data protection

ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million

14 Jul 2022
The public sector will no longer face eye-watering data breach fines, ICO confirms
public sector

The public sector will no longer face eye-watering data breach fines, ICO confirms

1 Jul 2022
MoJ faces £17.5m GDPR fine over subject access request backlog
data protection

MoJ faces £17.5m GDPR fine over subject access request backlog

20 Jan 2022
The IT Pro Products of the Year 2021: The year’s best hardware and software
Hardware

The IT Pro Products of the Year 2021: The year’s best hardware and software

31 Dec 2021

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022