Law Management Blog

Just another Blog for Lawyers

‘Don’t stay silent on data breaches’ urges ICO


The Information Commissioner’s Office has called on all UK businesses to stop keeping data breaches hidden as the penalties could become severe when secrets are revealed.

Over 800 data security breaches have been reported to the ICO in the past two years and, while Whitehall departments and NHS organisations are obliged to reveal breaches, the ICO is urging all businesses to be vocal about security lapses.

“In just over two months, a further 100 organisations have reported data security breaches to us,” said ICO Deputy Commissioner, David Smith.

“Talking to us may of course result in regulatory action. However, organisations must act responsibly; those that try to cover up breaches which we subsequently become aware of are likely to face tougher regulatory sanctions.”

Mistakes account for 195 of the 818 data security breaches reported to the ICO since November 2007. A further 262 breaches are the result of theft, often where the personal information was held on an unencrypted portable device.

And the ICO is advising businesses to minimise risks with a mixture of safeguarding and training.

Owners have been told to encrypt USB sticks, portable hard drives and any other device or system that may contain personal data, whilst making sure that all staff are trained in prevention methods and discouraged from downloading vast swathes of information.

Those companies that fail to acknowledge the ICO’s warning could be plunged into a new penalty system expected in April this year.

The ICO will be able to order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act. The power is designed to deal with the most serious personal data breaches and is part of the ICO’s overall regulatory toolkit, which includes the power to serve an enforcement notice and the power to prosecute those involved in the unlawful trade of confidential personal data.

“We are keen to work with organisations to prevent breaches occurring in the first place and to help put things right when things do go wrong,” added Mr Smith.


Written by Andrew Hodges

January 31, 2010 at 5:57 pm

Posted in Comment, Compliance, LinkedIn

