UK.gov delays new data breach powers
PrintICO still waiting for teeth
Posted in Government, 9th April 2009 14:19 GMT
Free whitepaper – Thermal design of Dell PowerEdge server
The government has failed to meet its own deadlines to bring in new powers for the Information Commissioner's Office (ICO) to fine companies who lose personal data.
The Ministry of Justice won't say when it plans to publish the secondary legislation needed to set the fines or why it did not meet its March target.
A spokesman said: "The Criminal Justice and Immigration Act 2008 amended the Data Protection Act and introduced a power for the Information Commissioner to impose civil monetary penalties on data controllers that knowingly or recklessly commit serious contravention of the data protection principles (including security).
"We are committed to bringing these provisions into force as soon as possible."
Changes to the Data Protection Act were proposed following a rash of high profile data losses by the government and private companies in 2007. The ICO lobbied for the power to impose civil penalties on those who fail to protect privacy.
Most of its European counterpart data watchdogs have similar powers.
An ICO spokeswoman said it had submitted to the Ministy of Justice's consultation on the powers, and was awaiting the outcome.
This week the security industry called on the government to publish its plans. Data protection specialist FutureSoft said it understood officials were set a target to implement a civil penalties regime by the summer parliamentary recess "at the latest", but noted "there is, as yet, no sign of the statutory guidance". ®
Free whitepaper – PowerEdge M1000e, M600 and M605 spec sheet
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Enabling The Agile Data Center
Dirty, dirty PCs: The X-rated picture guide
Top 500 supers - rise of the Linux quad-cores
Early adopters bloodied by Ubuntu's Karmic Koala
Sign up, sign up for The Register IT security newsletter