Regulator gets power to fine for data breaches
Who will be first to pony up?
Posted in Government, 9th May 2008 15:30 GMT
The Information Commissioner's Office now has the power to fine organisations which deliberately or recklessly commit serious breaches of the Data Protection Act.
The Criminal Justice and Immigration Act got Royal Assent today. Sadly the law is not retroactive, so the long list of government departments which have lost or endangered our data in recent months will not be fined.
David Smith, deputy information commissioner, said: "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people’s personal information. The prospect of substantial fines for deliberate or reckless breaches of the Data Protection Principles will act as a strong deterrent and help ensure that organisations take their data protection obligations more seriously."
The ICO has repeatedly asked for stronger powers to investigate and fine companies which are failing to take data protection seriously.
Smith said such tougher sanctions would help reassure the public that their data was safe. The ICO at one point suggested prison sentences for those responsible for the most serious breaches. ®