Breach of the data protection peace

With the ICO rarely fining for breaches of the Data Protection Act, are businesses breaking rules as they can get away with it or is the ICO bringing about some other type of corporate telling off?

Is this just the beginning of what will become a more rigid and strict approach to data protection act breaches? Industry chatter suggests we have seen this all before PCI started by not fining and allowing companies to miss their deadlines, but things are now much stricter and the fines are filtering through.

On the face of it, name and shame' legislation is still arguably very thin here in Europe, but the European Commission is currently weighing up whether it should enforce mandatory data breach notifications. With breaches increasing in regularity, most would argue the penalties are likely to become more severe.

"While it is true that between 6 April 2010 and 22 March 2011 the ICO concluded that in 2,565 cases compliance with the Data Protection Act was unlikely, over half of these complaints concerned subject access requests whereby an individual has either not been provided with all of the information an organisation holds about them or has not received this information within 40 days. The majority of these types of request will be resolved before there's a need for further enforcement action," said the ICO.

Most would argue the penalties are likely to become more severe.

The organisation added: "The figure for reported cases where information has been disclosed or lost and a monetary penalty is therefore more likely is only around a quarter of the total mentioned. These vary from minor administrative errors where enforcement action would not be appropriate to serious data losses which led to the ICO imposing a monetary penalty."

So, did the ICO make short shrift of its work practices when first questioned with a Freedom of information (FoI) request initially put forward by encryption firm ViaSat? For the most part, the answer is yes.

Has the industry attempted to fuel debate over data security and compliance issues to sell software licenses as a result? Generally speaking, the answer is yes.

Do we need to take an industry-wide more stringent approach to data security, compliance and regulation as a whole? Without question, it is a yes.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Ransomware criminals look to other hackers to provide them with network access
ransomware

Ransomware criminals look to other hackers to provide them with network access

17 Jun 2021
CVS Health data breach leaves a billion records exposed
data protection

CVS Health data breach leaves a billion records exposed

16 Jun 2021
Four in five ransomware victims suffer repeat attacks
ransomware

Four in five ransomware victims suffer repeat attacks

16 Jun 2021
Putin open to handing cyber criminals over to US
hacking

Putin open to handing cyber criminals over to US

14 Jun 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
Millions of Volkswagen customers affected by data breach
data breaches

Millions of Volkswagen customers affected by data breach

14 Jun 2021