BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Industry prepares for new ICO penalties starting next month

From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Fri, 19 Mar 2010 23:41:50 -0400
http://www.infosecurity-magazine.com/view/8155/industry-prepares-for-new-ico-penalties-starting-next-month/

The IT security industry - and its customers - are starting to prepare
for the introduction of new and stiff penalties for organisations that
allow data to be stolen or leak, and could reasonably be said to be
aware of the risk.

The new rules - from the Information Commissioners Office (ICO) - kick
in on the 6th of April and, says Richard Turner, chief executive of
Clearswift, the most significant change is the level of financial
penalty which is set to rise to a maximum of £500 000 (from £5 000),
for those companies who do not comply with the Act.

Turner says that his firm has been helping companies protect their
data for almost two decades and has developed some of the most
sophisticated content inspection technology in the industry to help
companies to protect important or confidential data.

"Organisations can no longer ignore the seriousness of corporate data
breaches and not complying with the Data Protection Act. On 6th April
2010, the Information Commissioner is upping the financial penalties
to act as a deterrent for companies who flout these rules", he said.

"The loss of personal data or any data that organisations deem
invaluable is unacceptable mainly because it is all preventable", he
added.

According to Turner, the term "accidental" is often used by
organisations to highlight why things have gone wrong - but this just
means that the data security policy was not defined, not shared or not
enforced.

Companies, he argues, can avoid attempted data breaches with web and
email security solutions which are automated, ensure consistent
management and monitoring of communication flows, as well as an
ability to report on violations with roles-based access and audit logs
which comply with process requirements.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php
Previous By Date Next
Previous By Thread Next

Current thread: