BreachExchange mailing list archives

ICO confirms imminent data breach fines


From: Christine Fulgham <christine () opensecurityfoundation org>
Date: Thu, 7 Oct 2010 12:15:10 -0400

http://www.v3.co.uk/v3/news/2270673/ico-confirms-breach-fines

The Information Commissioner's Office (ICO) has confirmed that it is in the
process of imposing fines against two organisations that have breached the
Data Protection Act.

Deputy information commissioner David Smith told *V3.co.uk* at an Internet
Society event in London that the regulator hopes that the fines will make a
significant statement about data protection.

"This will be a landmark moment in ensuring that firms take [data
protection] seriously," he said.

"There have been a lot of questions asked of us about whether we are
actually going to fine firms, and I can assure people that we will be
actively using this power."

Smith declined to reveal any details of the companies involved, but said
that information will be posted online "in the near future".

The ICO has been criticised in the past
<http://www.v3.co.uk/v3/news/2266549/breach-reporting-should> for failing to
use its powers, and legal experts have argued that the fines it is able to
levy are not a sufficient enough deterrent to make organisations behave in a
responsible way with personal data.

Smith reiterated earlier statements that the ICO is investigating the leak
of personal information by ACS:Law
<http://www.v3.co.uk/v3/news/2270477/acs-law-face-ico-action>, but declined
to comment further on the incident.

The deputy information commissioner also said that companies need to be
accountable for the security of the data they hold, and that it is important
to exercise self-denial and not just hold data because it is possible to do
so. He also made a veiled reference to TalkTalk.

"There should be no exemption from these principles just because you are
trialling a new service," he said.

TalkTalk was recently reprimanded
<http://www.v3.co.uk/v3/news/2269347/ico-warn-talktalk-url-tracking> for
failing to inform its customers or the ICO of a trial of technology that
monitored the web sites visited by customers in order to direct them away
from malware infected pages.

Smith also said that the ICO wants businesses to provide users with settings
so that "without reading the small print they know they will get a minimal
level of protection".

Finally, Smith added that location-based services will raise issues around
data protection as the collection of information that details where someone
was at a particular time of day goes "a long way towards identifying
someone".
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/