11 July 2008
State-sector organisations to face £1m fines for ‘reckless’ breaches
Rob Stringer
The UK may be drawing closer to a data breach law following a directive spurred on by the Prime Minister which called for seven-figure penalties for ‘reckless’ organisations.
The review, assembled by information commissioner Richard Thomas and Mark Walport, director of the Wellcome Trust medical charity, proposed that the government implement fines on the scale of those the Financial Services Authority currently has in place.
The fines would largely serve a ‘deterrent function’ stated Thomas, and would only be implemented where a breach has been proved to be deliberate, or the result of reckless behaviour. Specifics of the legislation have not yet been arranged, but Thomas and Walport hope to implement the fines from November of this year.
“An organisation that hasn't got the right procedures (and is fined) will be in trouble at the top,” commented Thomas. “A fine isn't everything, but it sends a pretty bad signal.”
“There is increasing pressure, building up a head of steam, for companies to take control of critical data,” remarked George Fyffe of Application Security, a database security company. “The number of downloads of Whitepapers referring to PCI and SOX has gone up by a factor of ten. People are beginning to take the issue of data protection seriously.”
The review was requested by Gordon Brown last October, just three weeks before the notorious HMRC data loss.
The FSA has handed out several fines in recent months, including a £1.24m penalty for Norwich Union after thieves gained the surrender of the pension funds of 74 pensioners last December, and more recently a £1m fine for Nationwide Building Society after the theft of a laptop containing details of some 11m customers.