"The growing number of high profile data breaches, the increase in the ICO's powers and the media coverage of these breaches, have ensured that the issue of data protection has not only become a board level matter for companies, but has also gained considerable public attention.
While the FSA and ICO have different remits and the ICO puts a heavy focus on working with businesses to ensure that steps are taken to stop data breaches happening again, sooner or later the ICO is going to have to use its fining powers in order to show it has teeth.
"A fine makes it very clear to the general public that a significant error has occurred and, although 500,000 may not be a significant amount to a large organisation, the surrounding publicity can potentially be more damaging. It is this that a majority of larger organisations will seek to avoid."
Peter Hall, partner in Wragge & Co's information law team:
"I don't think there is a lack of power now.
"I suspect it is the age old problems of any regulator really, that they've got a lack of enforcement ability, just in terms of actual manpower.
"The major fines [for data loss] have been delivered by the FSA rather than the ICO, so it does sort of signify a different mindset between the FSA and the ICO on these things in terms of how they approach those sort of data loss in the financial services sector.
"It seems to me the ICO tends to leave it to the FSA to wield the heavy stick a little bit.
"Maybe the position we're in at the moment with the ICO is that they're still being a little bit cautious about wading in with big financial penalties against companies. Whether that is the right or wrong approach, you could accuse them of being a bit lily livered."
Edy Almer, vice president of product management at Safend:
"Looking at the case of Zurich Insurance and the 2.2 million fine issued by the FSA, this shouldn't necessarily be seen as a sign that the ICO should raise their fines from the 500,000 maximum that they are currently able to enforce. The fines are already higher than the cost of implementing solutions to properly manage data security.
"If anything, the ICO should issue smaller fines and more often.
"If Europe and the UK do not start acting fast, there will be more instances of this kind and once it's out, the genie cannot be put back in the bottle."
Murray Pearce, director at Vigil Software:
"Although in these cases, fines have not yet been issued, the question has once again been raised on what impact the ICO's powers to fine up to 500,000 have had.
"Is the threat of higher fines alone enough to make organisations take action, or does the ICO now need to act on its new powers to set an example to the industry? Time will tell the full impact of these tougher penalties, but it's certainly true that compliance is providing the impetus for security projects to be approved, that would have been requested by IT managers anyway."
-
Enterprises face delicate balancing act with data center sustainability goalsNews High energy consumption, raw material requirements, and physical space constraints are holding back data center sustainability efforts, according to new research from Seagate.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
96% of SMBs are missing critical cybersecurity skills – here's whyNews The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Sophos Firewall Virtual review: Affordable network protection for those that like it virtualizedReviews Extreme network security that's cheaper than a hardware appliance and just as easy to deploy
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
