InfoSec 2011: ICO wants larger fining powers

UPDATED: Deputy commissioner David Smith says, ideally, the ICO would like bigger fining powers.

Data protection

The Information Commissioner's Office (ICO) would like fining powers above its 500,000 cap, a senior figure from the privacy watchdog has admitted today.

Deputy commissioner David Smith said if the need to fine companies over 500,000 arises, the ICO will ask the Government for the ability to issue higher monetary penalties.

"Ideally, we would like a higher level of penalties," Smith told IT PRO at the InfoSecurity 2011 conference, taking place in London today.

"We think what we've got has met the needs of the cases we've had so far and if it fails to deliver a drive to the protection of personal information then we'll go to the Government to ask for it to be increased."

Advertisement - Article continues below
Advertisement - Article continues below

He admitted a 500,000 fine on a large company such as Google, which the ICO investigated for the Street View breach of the Data Protection Act, would not damage its finances.

"For big, multinational businesses, it's not necessarily going to have a huge financial impact on that business," Smith said.

He claimed reputation was the key driver for businesses when it came to data protection.

A false report?

Earlier today it emerged the ICO had fined less than one per cent of all cases since 6 April 2010. The report came from a freedom of information (FoI) request put forward by encryption firm ViaSat.

Just 36 out of 2,565 data breaches were acted on by the ICO and only four cases resulted in monetary fines, the report claimed.

Advertisement - Article continues below

However, Smith told delegates at InfoSecurity 2011 the figures from the report were false, claiming there had not been so many breaches reported to the ICO.

Around 1,500 cases had been explored since November 2007 and this year 600 had been reported, Smith said, adding the ICO was "disappointed" by the reports.

"We're happy with the number of enforcement actions we have taken," he added.

UPDATED: An ICO spokesperson has sought to clear up the confusion surrounding the above figures.

Advertisement - Article continues below

"While it is true that since 6 April 2010 the ICO has concluded that in 2,565 cases compliance with the Data Protection Act was unlikely, the figure for self reported security breaches where information has been disclosed or lost is far lower," the spokesperson said.

"During the last financial year, the ICO received some 603 self reported security breaches. These vary from minor administrative errors where enforcement action would not be appropriate to serious data losses which led to the ICO imposing a monetary penalty."

Advertisement - Article continues below

Read on for all the news and interviews coming out of InfoSecurity 2011.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now


data management

EU-US data transfer tools used by Facebook ruled legal

19 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

5 Sep 2019

Most Popular


How to use Chromecast without Wi-Fi

5 Feb 2020

The top ten password-cracking techniques used by hackers

10 Feb 2020
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020

Coronavirus starts to take its toll on the tech industry

6 Feb 2020