Breach of the data protection peace
With the ICO rarely fining for breaches of the Data Protection Act, are businesses breaking rules as they can get away with it or is the ICO bringing about some other type of corporate telling off?
Is this just the beginning of what will become a more rigid and strict approach to data protection act breaches? Industry chatter suggests we have seen this all before PCI started by not fining and allowing companies to miss their deadlines, but things are now much stricter and the fines are filtering through.
On the face of it, name and shame' legislation is still arguably very thin here in Europe, but the European Commission is currently weighing up whether it should enforce mandatory data breach notifications. With breaches increasing in regularity, most would argue the penalties are likely to become more severe.
"While it is true that between 6 April 2010 and 22 March 2011 the ICO concluded that in 2,565 cases compliance with the Data Protection Act was unlikely, over half of these complaints concerned subject access requests whereby an individual has either not been provided with all of the information an organisation holds about them or has not received this information within 40 days. The majority of these types of request will be resolved before there's a need for further enforcement action," said the ICO.
Most would argue the penalties are likely to become more severe.
The organisation added: "The figure for reported cases where information has been disclosed or lost and a monetary penalty is therefore more likely is only around a quarter of the total mentioned. These vary from minor administrative errors where enforcement action would not be appropriate to serious data losses which led to the ICO imposing a monetary penalty."
So, did the ICO make short shrift of its work practices when first questioned with a Freedom of information (FoI) request initially put forward by encryption firm ViaSat? For the most part, the answer is yes.
Has the industry attempted to fuel debate over data security and compliance issues to sell software licenses as a result? Generally speaking, the answer is yes.
Do we need to take an industry-wide more stringent approach to data security, compliance and regulation as a whole? Without question, it is a yes.
In This Article
Application security fallacies and realities
Web application attacks are the most common vulnerability, so what is the truth about application security?Download now
Your first step researching Managed File Transfer
Advice and expertise on researching the right MFT solution for your businessDownload now
The KPIs you should be measuring
How MSPs can measure performance and evaluate their relationships with clientsDownload now
Life in the digital workspace
A guide to technology and the changing concept of workspaceDownload now