Poor data security could cost businesses £500,000

Posted on 25/01/2010 by Rich Adams

From April 6th, the government will impose fines of up to £500,000 for serious Data Protection Act breaches.

This is a major increase in the power held by the Information Commissioner's Office (ICO), which currently only has the power to enforce security changes.

The move toward tougher penalties for data security breaches has come as no surprise to many. In a statement, Information Commissioner Christopher Graham said, "Getting data protection right has never been more important than it is today."

As consumers now rely more heavily on internet-based transactions and online banking, security must be stepped up a gear. In fact, many predicted that even stronger punishments would be put in place.

Some experts argued that the maximum fine for a serious breach could be 10% of an offending organisation's annual turnover, while the ICO itself had been seeking the power to impose jail sentences for DPA breaches.

In the end, the power to sting offenders with penalties of up to half a million pounds was decided upon, but that doesn't necessarily mean the ICO is about to start playing fast and loose with its newfound power.

Unlike the Financial Services Authority (FSA), the ICO will first have to serve a preliminary notice saying why it is imposing the fine. It must also reveal what evidence it has, and then consider the organisation's response. Many experts are predicting that fines will only be imposed in the most serious of cases.

What most agree on, however, is that many organisations are in denial about their security, and some may well be caught out financially if the ICO decides to make a few examples as an immediate warning to the rest.