The Information Commissioner's Office (ICO) would like fining powers above its 500,000 cap, a senior figure from the privacy watchdog has admitted today.
Deputy commissioner David Smith said if the need to fine companies over 500,000 arises, the ICO will ask the Government for the ability to issue higher monetary penalties.
"Ideally, we would like a higher level of penalties," Smith told IT PRO at the InfoSecurity 2011 conference, taking place in London today.
"We think what we've got has met the needs of the cases we've had so far and if it fails to deliver a drive to the protection of personal information then we'll go to the Government to ask for it to be increased."
He admitted a 500,000 fine on a large company such as Google, which the ICO investigated for the Street View breach of the Data Protection Act, would not damage its finances.
"For big, multinational businesses, it's not necessarily going to have a huge financial impact on that business," Smith said.
He claimed reputation was the key driver for businesses when it came to data protection.
A false report?
Earlier today it emerged the ICO had fined less than one per cent of all cases since 6 April 2010. The report came from a freedom of information (FoI) request put forward by encryption firm ViaSat.
Just 36 out of 2,565 data breaches were acted on by the ICO and only four cases resulted in monetary fines, the report claimed.
However, Smith told delegates at InfoSecurity 2011 the figures from the report were false, claiming there had not been so many breaches reported to the ICO.
Around 1,500 cases had been explored since November 2007 and this year 600 had been reported, Smith said, adding the ICO was "disappointed" by the reports.
"We're happy with the number of enforcement actions we have taken," he added.
UPDATED: An ICO spokesperson has sought to clear up the confusion surrounding the above figures.
"While it is true that since 6 April 2010 the ICO has concluded that in 2,565 cases compliance with the Data Protection Act was unlikely, the figure for self reported security breaches where information has been disclosed or lost is far lower," the spokesperson said.
"During the last financial year, the ICO received some 603 self reported security breaches. These vary from minor administrative errors where enforcement action would not be appropriate to serious data losses which led to the ICO imposing a monetary penalty."
Read on for all the news and interviews coming out of InfoSecurity 2011.
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
