Breach of the data protection peace

With the ICO rarely fining for breaches of the Data Protection Act, are businesses breaking rules as they can get away with it or is the ICO bringing about some other type of corporate telling off?

Is this just the beginning of what will become a more rigid and strict approach to data protection act breaches? Industry chatter suggests we have seen this all before PCI started by not fining and allowing companies to miss their deadlines, but things are now much stricter and the fines are filtering through.

On the face of it, name and shame' legislation is still arguably very thin here in Europe, but the European Commission is currently weighing up whether it should enforce mandatory data breach notifications. With breaches increasing in regularity, most would argue the penalties are likely to become more severe.

"While it is true that between 6 April 2010 and 22 March 2011 the ICO concluded that in 2,565 cases compliance with the Data Protection Act was unlikely, over half of these complaints concerned subject access requests whereby an individual has either not been provided with all of the information an organisation holds about them or has not received this information within 40 days. The majority of these types of request will be resolved before there's a need for further enforcement action," said the ICO.

Most would argue the penalties are likely to become more severe.

The organisation added: "The figure for reported cases where information has been disclosed or lost and a monetary penalty is therefore more likely is only around a quarter of the total mentioned. These vary from minor administrative errors where enforcement action would not be appropriate to serious data losses which led to the ICO imposing a monetary penalty."

So, did the ICO make short shrift of its work practices when first questioned with a Freedom of information (FoI) request initially put forward by encryption firm ViaSat? For the most part, the answer is yes.

Has the industry attempted to fuel debate over data security and compliance issues to sell software licenses as a result? Generally speaking, the answer is yes.

Do we need to take an industry-wide more stringent approach to data security, compliance and regulation as a whole? Without question, it is a yes.

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Most Popular

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020
What is phishing?

What is phishing?

25 Nov 2020
Microsoft Teams no longer works on Internet Explorer
Microsoft Office

Microsoft Teams no longer works on Internet Explorer

30 Nov 2020