BreachExchange mailing list archives
Only four fines over data breaches
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 23 Apr 2011 02:18:51 -0400
http://www.buxtonadvertiser.co.uk/news/regional/only_four_fines_over_data_breaches_1_3304573

Just four civil penalties have been handed out by the information watchdog since the powers came into force last year, with a company that lost information relating to more than 20,00 people in Leicester and Hull fined, figures show.

More than 2,500 possible breaches of the Data Protection Act have been reported to the Information Commissioner's Office (ICO), but just 36 have resulted in any action and only four have attracted civil penalties.

In all, organisations have been fined a total of just £310,000, with the biggest fine handed out to date being £100,000 - despite the maximum penalty for a single offence being £500,000.

The figures, released to encryption firm ViaSat under Freedom of Information laws, also showed that the ICO has taken action against seven private sector organisations, penalising just one, but 29 in the public sector, penalising three.

Chris McIntosh, the firm's chief executive, said: "The ICO has a tremendous amount of leeway in the penalties it levies and so far doesn't seem to be applying this in either direction.

"The ICO has stated that the embarrassment and poor image of a fine will act as a deterrent and an incentive to improve an organisation's grasp of the Data Protection Act. However, if fines are rare and well below the maximum allowed limit, their value as a deterrent drops.

"Organisations will view the rarity of a fine and the associated negative publicity the same way they have viewed the threat of a data breach itself: an event that only happens to other people."

The biggest fine to date, £100,000, was given to Hertfordshire County Council in November last year after it accidentally faxed highly sensitive information about cases involving child sex abuse and care proceedings to the wrong recipients on two occasions in the space of two weeks in June 2010.

In February, Ealing Council was fined £80,000 and Hounslow Council was fined £70,000 after an out-of-hours service working on behalf of both councils lost two laptops containing the details of around 1,700 people when they were stolen from an employee's home. Almost 1,000 of the individuals were clients of Ealing Council and almost 700 were clients of Hounslow Council.

And also in November, employment services company A4e was fined £60,000 over the theft of a laptop containing personal information of about 24,000 people who had used community legal advice centres in Hull and Leicester in June.