http://www.techweekeurope.co.uk/news/ico-cracks-down-on-data-breaches-but-no-fines-7495 Enhancing business with technology - in association with eweek.com Thu, 24 May 2012 11:10:22 +0000 hourly 1 http://wordpress.org/?v=3.3.2 http://www.techweekeurope.co.uk/news/ico-cracks-down-on-data-breaches-but-no-fines-7495#comment-20069 Steve Mellings Wed, 18 Aug 2010 21:22:42 +0000 http://www.eweekeurope.co.uk/?p=7495#comment-20069 I've just been with a client and the very question of "Where are all the ICO fines?" came up so a quick google threw this story up. My answer is simple: Until Breach Notification becomes mandatory only public sector will disclose breach to the ICO. Furthermore, how do data controllers know they've suffered breach??? Some of the controls over areas such as asset retirement are so poor that they wouldn't actually know when they have lost control of their data. Sadly the reality of the ICO fine is that it was a headline grabbing change with little real teeth. The ICO needs to go out and test / audit clients ability to control their data. Until that point happens the status quo will continue. I’ve just been with a client and the very question of “Where are all the ICO fines?” came up so a quick google threw this story up. My answer is simple: Until Breach Notification becomes mandatory only public sector will disclose breach to the ICO. Furthermore, how do data controllers know they’ve suffered breach??? Some of the controls over areas such as asset retirement are so poor that they wouldn’t actually know when they have lost control of their data.
Sadly the reality of the ICO fine is that it was a headline grabbing change with little real teeth. The ICO needs to go out and test / audit clients ability to control their data. Until that point happens the status quo will continue.

]]>