ISACA welcomes strengthening of UK penalties on data breaches

According to Rolf von Roessing, ISACA's international vice president, an extension to the Data Protection Act that imposes fines of up to £500,000 for a data breach, and which can be applied from the start of the new UK financial year, will start to get the message across that data losses are now unacceptable.

"The passing of the new statute and its approval by Jack Straw MP, the Secretary of State for Justice, is good news for anyone who has been affected by company data breaches," he said. "Whilst it's good to know that the size of the fine will be determined after an investigation to assess the gravity of the breach and the size and finances of the organisation at fault, this legislation brings the UK into line with the rest of Europe in giving the regulator real teeth to tackle what is becoming a growing problem," he added.

It is, von Roessing explained, a major worry for responsible citizens to find that their private data – or even worse, that of their children – has been released into the public domain.

Security issues such as identity theft, job application refusals and all manner of public embarrassment can result from the disclosure of private data, he went on to say, adding that what can be shrugged off by one person can result in major concerns for another.

"It has been more than 25 years since the original Data Protection Act came into force, in which time computers and the Internet have changed our lives largely for the better," von Roessing said. "It is to be hoped these changes will send a strong message that data losses are no longer acceptable and carry real consequences."

"Whilst there are likely to be a number of high-profile data loss prosecutions this year, it is to be hoped that business leaders will now start giving privacy and data protection issues the attention they deserve," he added.
