UK data watchdog: Massive fines won't keep data safe

We should be able to use threats though

The UK’s data protection watchdog has said issuing fines "left, right and centre" is not the way to ensure privacy.

However, Information Commissioner Christopher Graham added that this doesn’t mean his office shouldn’t have those exact powers at its disposal.

“The obligation laid on data protection authorities always to fine data controllers in the event of any of a list of failures should be changed to an enabling mechanism. Not ‘shall fine’, but ‘shall be empowered to fine’,” Graham told the European Conference of Data Protection Authorities in Manchester.

“It would be a mistake to believe that data protection authorities will be issuing huge fines left, right and centre. We have to follow due process which requires resources,” he said.

“In 2013, we imposed a £250,000 penalty on Sony after finding the company had not taken sufficient steps to prevent the loss of 'vast' amounts of personal data belonging to millions of UK consumers,” he added, although it's worth noting that breaches on this scale are not the norm.

New EU data protection laws are currently being negotiated between 28 national ministers, the European Parliament and the European Commission. With so many voices at the table, a compromise deal is not expected before early next year.

The proposed regulation should in theory be applied the same way in all EU countries, but the ICO admitted it is unlikely that the new framework will be interpreted completely consistently, which could lead to awkward red tape for multinational companies.

“Privacy has never been more important – or more threatened,” Graham continued. “Now there’s the security dimension, with politicians claiming that public safety is an absolute right, while privacy is a right that may need to be qualified.”

A full transcript of the speech can be found here. ®