"The ICO's powers to fine organisations up to 500,000 for serious data breaches were intended to act as a strong deterrent to prevent data loss. The industry is now waiting to see when this maximum fine threshold will be levied and the impact this will have.
"Tough measures are clearly needed and the FSA's fine for Zurich Insurance, sent a clear message to other Financial Services organisations that it's never worth the risk to take shortcuts on security given the potential damage that can be done both to a business's brand and to their bottom line. "The value of the fine itself may well have an impact on tightening up an organisation's security measures but protecting customers' data should be the main driver for improving security practices rather than the threat of financial punishment. Richard Walters, chief technology officer (CTO) at security software firm Overtis:
"I believe that we are currently in a period of mentoring, prior to out and out enforcement by the ICO. The ICO is still focused on using notices to encourage organisations to improve their handling of personal data. However, I have no doubt that enforcement is coming, at which time I suspect the fines will also increase. "For the vast majority of small and medium-sized enterprises (SMEs), 500,000 is a significant penalty. It is only for large enterprises - including large banks, building societies and insurance companies - that the ICO fine would not fit the crime.
"At the current limit of 500,000, it is too easy for large organisations to risk the fine rather than to implement strong controls. As with fines against individuals, the ICO fines should be based on a 'means test'."
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
96% of SMBs are missing critical cybersecurity skills – here's whyNews The skills shortage hits SMBs worse as they often suffer from a lack of budget and resources
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Sophos Firewall Virtual review: Affordable network protection for those that like it virtualizedReviews Extreme network security that's cheaper than a hardware appliance and just as easy to deploy
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
