Law Management Blog

Just another Blog for Lawyers

City ‘unprepared’ for data protection penalties

with one comment

As new and more stringent data protection penalties prepare to be rolled out on April 6th, a survey of the capital’s businessmen found that 65% are still unaware that breaches may cost their business £500,000.

The study, sponsored by Cyber-Ark Software, asked over 500 City workers about their knowledge of the new penalties. Alarmingly, the majority claimed they have not been told by management about the new Information Commissioner’s Office (ICO) powers, aimed at curbing widespread losses of personal data.

“We have been blown away by these findings especially to discover that, with a £500k fine hanging over UK directors as of the 6th April, workers are walking about with unprotected customer records,” Cyber-Ark Software’s Adam Bosnian commented.

“Education is one piece of the puzzle in making sure that those people who do have access to privileged data are responsible with it and recognise the vital role they play in an organisation’s compliance obligations.”

Some 64% of the survey’s respondents carry customer data with them on their mobile phones, and among them 38% completely fail to protect that data, only 50% use a password and just 12% use encryption.

When asked whether their organisation has policies or processes in place to protect customers’ personal data, some 38% did not know if they had measures in place or not.

From 6th April, the ICO will have heightened powers to fine firms for the most serious “deliberate or negligent” breaches of personal data. The substantial hike in penalties comes as data loss continues to plague the nation.

Earlier this month, St Albans City Council was reprimanded after an unencrypted laptop, containing the personal information of countless postal voters, was stolen, while insurer Zurich was described as “beyond acceptable” after the details of 46,000 policy holders were lost on a backup disc.

“Organisations need to control privileged users and accounts to protect sensitive information, such as customer data, from navigating its way into the wrong hands,” advised Mr Bosnian.

“By having the tools in place that manage who has access to what data, and tools in place to keep track of what they do with it, organisations can regain control – a pretty real need not only to respect the information but to avoid the hefty fines that will soon come into force.”


Written by Andrew Hodges

April 6, 2010 at 10:18 am

Posted in Comment, LinkedIn


One Response


  1. The level of awareness is not surprising – at the recent Information Commissioner event 870 data breaches have been notified to the ICO since Nov 2007. How many more haven’t been?

    The move is a positive particularly in non Financial services – The FSA still has greater power of sanction.

    Worth reviewing the ICO guidance of how the process will operate and guidance on how it will be applied – http://www.ico.gov.uk/upload/documents/…/penalties_guidance_120110.pdf

    The Spanish equivalent issued fines of 22m Euros in a year but the ICO is “looking to raise awareness not revenue”. It would be interesting in three months to repeat the poll and see if this has helped raise data protection up the board agenda.

    Stef Elliott

    April 6, 2010 at 10:48 am

