The Information Commissioner's Office (ICO) promises to use its tougher new powers to protect private data, but admits it's hard to punish public bodies.
Speaking at a Westminster eForum event about online privacy, assistant commissioner Jonathan Bamford said the ICO prefers to encourage compliance rather than punish those who don't comply.
"We prefer carrot to sticks, but our powers have been increasing in strength," Bamford said.
But he added: "I have to admit, the stick we've had for many years is a very small stick."
Bamford said it's now possible to file criminal charges following data breaches, and said later this year the ICO will be able to dole out fines, in the same way the Financial Services Authority (FSA) can. The FSA famously fined Nationwide nearly 1 million after it lost a laptop.
"The Information Commissioner will have those powers and we will use them," Bamford said.
That said, he noted that it's hard to unleash severe punishments on public bodies, especially when they've admitted their mistakes. "We're a prosecuting authority, but we have to act fairly," he explained, adding: "Do you punish them by going for legal action when they've put their hands up?"
Keeping up with tech
The punishments need to be strong because technology's increasing ability to share information is leading to bigger risks and regulation isn't keeping up. Referencing HMRC's massive data breach in 2007, he said: "Try losing 25 million paper records."
Bamford laid out other problems his office now faces. The internet means information spreads more easily, but at the same time it also ensures it sticks around for longer. "Are you forever Google-able?" he pondered.
He also noted that data doesn't stop at borders anymore, adding that the move to cloud computing will only exacerbate the problem of which country has jurisdiction.
Another problem Bamford sees is social networking. "Now we have a generation of people who are quite careless with information, who don't take care of it the way previous generations had," he said, although it's certainly hard to agree after HMRC that the current generation is caring for data particularly well.
Government databases
While he called out the government for responding to every problem by creating a database, he said that the government doesn't really have much more data on us than it used to it may seem that way, but it's only on a superficial level.
"We've got too much of it [data], it's poor quality," he said, adding that making bigger databases won't help anyone. "If you're looking for a needle in a haystack, it's a bit daft to keep building a bigger haystack."
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
