Penalties for data breaches increase

by Mario Christodoulou

14 Jan 2010

Big Four firm Deloitte have warned about new data protection rules which increase the penalty to £500,000.

Justice secretary Jack Straw yesterday gave the final tick for tough new penalties for personal data security breaches.

Simon McDougall, head of privacy and data protection at Deloitte, said the new penalties, which come into force in April, will come as no great surprise to security or privacy professionals.

“What this means in practice is that, from April this year, the Information Commissioner’s Office (ICO) now has a bigger stick to wield,” he said.

“The ICO will have a wide scope of interpretation when applying its new regime, as the fines can be levied for breaches of principles, rather than against detailed technical requirements. The first few fines the ICO levies will therefore set the tone going forward.”

Further reading: The principles of the Data Protection Act in detail

Visitor comments

Fines will have an impact, but won't solve the problem in isolation

Resorting to punitive measures, such as fines, represents a sad day in the history of information security. Alas, the repeated examples of lax corporate and public sector security awareness and compliance have made it an unfortunate necessity.

Lax data security processes are not confined to the private sector. TK Maxx, Nationwide Building Society and Cotton Traders are just a few examples of enterprises that have suffered a data loss or theft, but can immediately be matched by failures within the public sector at HM Revenue and Customs, the NHS, the Ministry of Defence, to name just three.

Increased regulation and public expectation over the safety of data poses challenges for the IT department and for those responsible for security policy and training. These challenges are amplified by the real threat of a large fine or other legal sanctions. Some businesses, particularly in vertical sectors such as financial services that are already heavily regulated in relation to data protection, often find themselves struggling to stay on top of the latest regulations and requirements.

Failure to stay on top of these rapidly evolving legal requirements can quickly develop into malaise, and this is where security problems occur. The sizable fines the Information Commissioner's Office can now impose will hopefully deter organisations of all types from falling behind on data security.

However, if past instances of data loss and theft teach us anything, it is that regulation alone will not solve the problem. Such measures must be aligned with an overall government effort to encourage and build a culture of security best practice and common sense, underpinned by solid technologies that can deliver the level of security required by law and able to cope with emerging threats and the changing ways in which we work.

Posted by: Stuart Hodkinson, UK general manager, Courion, 14 Jan 2010 | 00:00

Increase in fines a positive step forward

This announcement has the potential to have a serious impact on every organisation in the UK; and rightly. Unlimited fines were approved in concept while Richard Thomas was the Information Commissioner back in May 2008, so it's comforting that hefty fines are becoming a reality, and go some way to encourage the private sector to deploy good data governance. But what about the public sector where fines will not be applicable?

It's essential for organisations in both the private and public sectors to recognise the importance of data governance, developing and applying robust internal and external strategies to safeguard and protect data. Unfortunately there have to be repercussions if a data breach occurs, which is why the Information Commissioner originally sought custodial sentences for a serious infringement which would have affected the private and public sector.

Posted by: Paul Eveleigh, EHS Brann Discovery, 16 Jan 2010 | 00:00
