Breach of the data protection peace

With the ICO rarely fining for breaches of the Data Protection Act, are businesses breaking rules as they can get away with it or is the ICO bringing about some other type of corporate telling off?

Is this just the beginning of what will become a more rigid and strict approach to data protection act breaches? Industry chatter suggests we have seen this all before PCI started by not fining and allowing companies to miss their deadlines, but things are now much stricter and the fines are filtering through.

On the face of it, name and shame' legislation is still arguably very thin here in Europe, but the European Commission is currently weighing up whether it should enforce mandatory data breach notifications. With breaches increasing in regularity, most would argue the penalties are likely to become more severe.

"While it is true that between 6 April 2010 and 22 March 2011 the ICO concluded that in 2,565 cases compliance with the Data Protection Act was unlikely, over half of these complaints concerned subject access requests whereby an individual has either not been provided with all of the information an organisation holds about them or has not received this information within 40 days. The majority of these types of request will be resolved before there's a need for further enforcement action," said the ICO.

Most would argue the penalties are likely to become more severe.

Advertisement - Article continues below

The organisation added: "The figure for reported cases where information has been disclosed or lost and a monetary penalty is therefore more likely is only around a quarter of the total mentioned. These vary from minor administrative errors where enforcement action would not be appropriate to serious data losses which led to the ICO imposing a monetary penalty."

So, did the ICO make short shrift of its work practices when first questioned with a Freedom of information (FoI) request initially put forward by encryption firm ViaSat? For the most part, the answer is yes.

Has the industry attempted to fuel debate over data security and compliance issues to sell software licenses as a result? Generally speaking, the answer is yes.

Do we need to take an industry-wide more stringent approach to data security, compliance and regulation as a whole? Without question, it is a yes.

Featured Resources

Application security fallacies and realities

Web application attacks are the most common vulnerability, so what is the truth about application security?

Download now

Your first step researching Managed File Transfer

Advice and expertise on researching the right MFT solution for your business

Download now

The KPIs you should be measuring

How MSPs can measure performance and evaluate their relationships with clients

Download now

Life in the digital workspace

A guide to technology and the changing concept of workspace

Download now

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

4 Nov 2019
Business strategy

The pros and cons of net neutrality

4 Nov 2019
Domain Name System (DNS)

Microsoft embraces DNS over HTTPS to secure the web

19 Nov 2019
social media

Can Wikipedia founder's social network really challenge Facebook?

19 Nov 2019