Regulator gets power to fine for data breaches
Who will be first to pony up?
What you need to know about cloud backup
The Information Commissioner's Office now has the power to fine organisations which deliberately or recklessly commit serious breaches of the Data Protection Act.
The Criminal Justice and Immigration Act got Royal Assent today. Sadly the law is not retroactive, so the long list of government departments which have lost or endangered our data in recent months will not be fined.
David Smith, deputy information commissioner, said: "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information. The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously."
The ICO has repeatedly asked for stronger powers to investigate and fine companies which are failing to take data protection seriously.
Smith said such tougher sanctions would help reassure the public that their data was safe. The ICO at one point suggested prison sentences for those responsible for the most serious breaches. ®
COMMENTS
@AC Yes minister
why? Why not make it an offence to be incompetent in your job if you're being paid by the public, can vote your own pay rise, can totallly fubar entire nations and then get an index-linked pension?
Penalties
If the data protection commissioner has only now just been awarded powers to fine people, what penalties were they able to levy before, none?
How can you enforce a law if you don't have any powers to punish those that break the law?
It never ceases to amaze me at the stupidy of legislation formed by by this NuLabour government.
yes minister
Remember that according to UK practice - it is not criminal to be incompetent as a minister - personal responsibility due to ignorance and lack of competence are excempt for ministers in the UK. This is the only group of professionals who are specifically excempt by law from any personal responsibility due to grave incompetence. All others can be penalized... the further down on the food chain - the more likely that this happens...
so at the end of the day it would be the clerk who is found 'guilty' and not his manager...

IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider