Does the ICO have enough power to stop data breaches?
With two breaches of the Data Protection Act being reported this week, we ask some experts whether the ICO is doing enough to help prevent data losses in the UK?
"The ICO's powers to fine organisations up to 500,000 for serious data breaches were intended to act as a strong deterrent to prevent data loss. The industry is now waiting to see when this maximum fine threshold will be levied and the impact this will have.
"Tough measures are clearly needed and the FSA's fine for Zurich Insurance, sent a clear message to other Financial Services organisations that it's never worth the risk to take shortcuts on security given the potential damage that can be done both to a business's brand and to their bottom line. "The value of the fine itself may well have an impact on tightening up an organisation's security measures but protecting customers' data should be the main driver for improving security practices rather than the threat of financial punishment. Richard Walters, chief technology officer (CTO) at security software firm Overtis:
"I believe that we are currently in a period of mentoring, prior to out and out enforcement by the ICO. The ICO is still focused on using notices to encourage organisations to improve their handling of personal data. However, I have no doubt that enforcement is coming, at which time I suspect the fines will also increase. "For the vast majority of small and medium-sized enterprises (SMEs), 500,000 is a significant penalty. It is only for large enterprises - including large banks, building societies and insurance companies - that the ICO fine would not fit the crime.
"At the current limit of 500,000, it is too easy for large organisations to risk the fine rather than to implement strong controls. As with fines against individuals, the ICO fines should be based on a 'means test'."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.