Merchant Securities Group was fined 77,000 even though it didn't even have a security breach, but simply because its methods risked enabling one.
At the time, Margaret Cole, the director of enforcement at the FSA, said: "It is unacceptable that despite increased awareness of data security issues, a firm should be so careless about its systems for protecting customers' personal details. People have a right to expect their details to be kept secure and firms should be committed to treating their customers fairly in all aspects of their business." Right on, Margaret. Right on.
Lesson 11: The ICO needs more powerOf the 277 data breaches the ICO has investigated over the past year, it's taking action against 30 organisations. That's not a lot.
The actions it can take generally consist of sending an angry letter demanding changes to processes, to ensure the guilty body learns to comply with the Data Protection Act. For the most part, this means deleting unnecessary data and encrypting portable media devices which is what the watchdog made Virgin Media do in the wake of a lost disc.
Under the threat of prosecution, most organisations seem to just buy some encryption software and get on with business. Not really much of a deterrent, is it?
Members of the government and the information commissioner himself have all called for stronger powers. Thomas said last year that his limited powers were a "very bizarre situation, unlike virtually all the other data protection authorities around the world and most other regulatory bodies, such as the Financial Services Authority."
Indeed, until the watchdog gains the power to fine like the FSA or data breaches become criminalised, it's going to continue to be little more than a source of good advice often ignored and some nasty letters now and then.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
New Zealand privacy commissioner tipped to become next ICO headNews John Edwards is said to be an 'anti-Facebook' regulator who would fit well in the UK's plans to clamp down on big tech
-
What is a freedom of information (FOI) request?In-depth We look at the mechanism citizens can use to hold public bodies to account
-
ICO hints at Facebook hypocrisy over data protection goalsNews Elizabeth Denham asks Facebook to drop appeal after CEO's call for greater internet regulation
-
ICO to investigate Google over GDPR violationsNews UK Watchdog to liaise with other European regulators over 'forced consent' push by the tech giant
-
ICO myth-busts on the flow of data post BrexitNews The Information Commissioner explains how data will move between the UK and EU in a no-deal scenario
-
Leave.EU faces big fine over data law breachesNews Information commissioner reveals Leave.EU was fined a total of £75,000 for “serious breaches”
-
ICO website knocked offline for more than 24 hoursNews The outage was caused by an “unprecedented electrical surge” that damaged its host’s circuits
-
Elizabeth Denham appointed ICO bossNews Denham will be tasked with helping the UK leave the EU without any knock-on effects on privacy
