Feeds

ICO targets lost laptop breaches under tougher fine regime

Watchdog bares teeth at encryption refuseniks

Using blade systems to cut costs and sharpen efficiencies

The deputy commissioner of the Information Commissioner's Office said that it is no longer a "toothless tiger" and has the resources and resolve to apply enhanced powers to data protection miscreants.

David Smith said increased fines of £500K, introduced in April, for the worse case of privacy breaches would "concentrate minds on getting it right". He stressed that the watchdog would far rather work with organisations towards this than resort to enforcement.

Experienced IT lawyer Dai Davis, of Brooke North, predicted that the increased fines would result in a handful of high-profile enforcement actions while resulting in little real change. He also argued that the ICO lacks the resources to mount a strong legal assault in the event of a corporation contesting a legal action. He cited the enforcement case against Halifax Bank over the use of credit reference agencies that went all the way to the House of Lords and culminated in failure back in the mid 1990s. The ICO avoided legal action for years afterwards.

Smith responded to questions on resources by saying that recent increases in data protection registration fees to £500 for larger firms would finance enforcements while also bankrolling greater use of audits. "We have to be effective. there is provision in legislation for us to ask for greater fees, if necessary," Smith told The Register.

"We are keen to use our new powers but will not act recklessly," he added. Smith added that firms that lost laptops that were not encrypted would be among the prime candidates for enforcement action, predicting a "handful" of cases over coming months.

During a keynote speech at InfoSecurity Europe 2010, Smith cited figures that showed the health service was responsible for almost a third of all reported data breaches in the UK. However, since the scheme is voluntary the picture it presents is incomplete. European legislation means that mandatory breach notification laws will be applied to telecom carriers within 18 months.

"Data protection is a widespread problem not confined to the public sector," Smith commented. Lost data or hardware and stolen data or hardware were the two most common causes of data protection problems. Lack of awareness about data protection, failure to take responsibility and use of legacy systems (such as unencrypted laptops) and policies were among the problems holding back better protection of public data, Smith said.

Smith wants to see mandatory notification in cases where personal data might have been exposed but not in situations where an encrypted laptop was lost, for example. He also wants to see private investigators who used trickery to obtain confidential records jailed. ®

The Essential Guide to IT Transformation

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
Grim diversity numbers dumped alongside Facebook earnings
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
Bose says today IS F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Dude, you're getting a Dell – with BITCOIN: IT giant slurps cryptocash
1. Buy PC with Bitcoin. 2. Mine more coins. 3. Goto step 1
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.