Wednesday, November 18, 2009

News: ICO to Fine Companies £500,000 For Serious Data Breaches

From Panopticon Blog: The Information Commissioner is to get powers to deliver civil penalty notices on a data controller for a serious contravention of the data protection principles if the contravention is:

1) Deliberate or reckless
2) Of a sort that is likely to cause substantial damage or distress

The post makes two criticisms: first, the proposed cap of £500,000, as large as it might seem, compares less favourably with other regulators' powers to fine up to 10% of an organisation's turnover. Second, as the government ultimately pays for many of the organisations in question, imposing large fines may have 'a slightly unreal quality to it'.
