InfoSec 2011: ICO wants larger fining powers
UPDATED: Deputy commissioner David Smith says, ideally, the ICO would like bigger fining powers.
The Information Commissioner's Office (ICO) would like fining powers above its 500,000 cap, a senior figure from the privacy watchdog has admitted today.
Deputy commissioner David Smith said if the need to fine companies over 500,000 arises, the ICO will ask the Government for the ability to issue higher monetary penalties.
"Ideally, we would like a higher level of penalties," Smith told IT PRO at the InfoSecurity 2011 conference, taking place in London today.
"We think what we've got has met the needs of the cases we've had so far and if it fails to deliver a drive to the protection of personal information then we'll go to the Government to ask for it to be increased."
He admitted a 500,000 fine on a large company such as Google, which the ICO investigated for the Street View breach of the Data Protection Act, would not damage its finances.
"For big, multinational businesses, it's not necessarily going to have a huge financial impact on that business," Smith said.
He claimed reputation was the key driver for businesses when it came to data protection.
A false report?
Earlier today it emerged the ICO had fined less than one per cent of all cases since 6 April 2010. The report came from a freedom of information (FoI) request put forward by encryption firm ViaSat.
Just 36 out of 2,565 data breaches were acted on by the ICO and only four cases resulted in monetary fines, the report claimed.
However, Smith told delegates at InfoSecurity 2011 the figures from the report were false, claiming there had not been so many breaches reported to the ICO.
Around 1,500 cases had been explored since November 2007 and this year 600 had been reported, Smith said, adding the ICO was "disappointed" by the reports.
"We're happy with the number of enforcement actions we have taken," he added.
UPDATED: An ICO spokesperson has sought to clear up the confusion surrounding the above figures.
"While it is true that since 6 April 2010 the ICO has concluded that in 2,565 cases compliance with the Data Protection Act was unlikely, the figure for self reported security breaches where information has been disclosed or lost is far lower," the spokesperson said.
"During the last financial year, the ICO received some 603 self reported security breaches. These vary from minor administrative errors where enforcement action would not be appropriate to serious data losses which led to the ICO imposing a monetary penalty."
How inkjet can transform your business
Get more out of your business by investing in the right printing technologyDownload now
Journey to a modern workplace with Office 365: which tools and when?
A guide to how Office 365 builds a modern workplaceDownload now
Modernise and transform your sales organisation
Learn how a modernised sales process can drive your businessDownload now
Your guide to managing cloud transformation risk
Realise the benefits. Mitigate the risksDownload now