Shostack + Friends Blog Archive


UK Information Commissioner's Office Can Now Fine Your Ass

From the article:

The Criminal Justice and Immigration Act has received Royal Assent creating tough new sanctions for the privacy watchdog, the Information Commissioner’s Office (ICO). This new legislation gives the ICO the power to impose substantial fines on organisations that deliberately or recklessly commit serious breaches of the Data Protection Act.

It’s about time that the Data Protection Act got some teeth for dealing with breaches. Unfortunately, I haven’t been able to find out much more information on this. All I could find on the ICO’s site was a press release and this position paper on the need for the ability to fine for breaches. Anyone out there know more?

One comment on "UK Information Commissioner's Office Can Now Fine Your Ass"

  • Adam says:

    You beat me to this one. I was working on a post, which said:
    Adding teeth to a law is clearly going to help somewhat. “Deliberately or recklessly” is a pretty high standard. I have mixed feelings about if it’s the right standard. On the one hand, I’d like to see more enforcement, on the other hand, a lot of security investment is mis-placed, mis-applied or mis-guided. Not following the herd shouldn’t result in fines. Not following good risk management practices, or intentionally placing people at risk? That’s a different story.
