News - ICO dishes out first Data Protection Act fines

[HEXUS]

Council among the first to face DPA wrath.

Read more.

[Saracen]

About time.

[Hicks12]

I know a lot of government areas need to have a great kick in the back side when looking at DPA but i really dont see how fining them is going to help? I presume im wrong but surely the amount of time and effort of making a report saying they are indeed in breach of this and need to pay up is costing the tax payer more money? And if you think about it, we are just being fined ourselfs as thats our tax money right?

[aidanjt]

Hicks12: My thoughts exactly. Punitive measures should involve firing whoever is responsible. Nobody in the government is going to care about fines (unless it comes out of their own pocket). But threatening their cushy little number is far more effective.

[miniyazz]

Indeed. Fining the public for losing the public's data, is quite retarded. I'm guessing the commissioner doesn't have the power to fire or fine specific people

[Gary Clark]

Get protection – before it’s too late

It was announced earlier this month that the ICO would issue its first fine in November. Since then, a number of companies have fallen victim to large fines. A question that springs to mind is whether or not these companies are actually the worst offenders or were just in the wrong place at the wrong time.

Although the companies mentioned in the article did in fact breach the data protection act and were right to be fined, other firms have been let off with warnings this year for much worse – is this just the ICO flexing its muscles and scaremongering? It seems very convenient that a public and private sector firm were fined at the same time just before the end of the month. Who will be next? It could be anyone and companies, both public and private need to make sure their data is protected.

Sensitive information is often stored on the hard drives of endpoint systems and on removable media. Organisations need to ensure that this data is persistently protected and one way of doing this is via encryption. The loss of one of those systems or media could expose corporate information, personnel records, government secrets, or intellectual property, producing disastrous effects for organisations. Encryption is transparent and there is no disruption to business operations, performance, or the end user experience.

When sensitive data on endpoints is secured organisations can focus on other areas. Data needs to be fully protected or the next example made by the ICO could be for the full £500,000.

Gary Clark, Vice President EMEA, SafeNet

[peterb]

Good post and thank you for identifying yourself as having a vested interest in the subject.

While I appreciate that you haven't mentioned any product here, if you do have a product, you may wish to consider contacting HEXUS advertising to see if there is any way HEXUS could help you promote it.

[BobF64]

Punitive measures should involve firing whoever is responsible. Nobody in the government is going to care about fines (unless it comes out of their own pocket). But threatening their cushy little number is far more effective.

Exactly.

If they cant, or wont, identify the individual responsible, then the department head should be held responsible.

I think people would be surprised just how vigilant people will be when their job is on the line.