ISACA backs power increase for Information Commissioner

23 June 2009

ISACA, the not-for-profit organisation that seeks to encourage best practice in the IT security industry, has given the 'thumbs up' to plans to significantly increase the powers of the Information Commissioner's Office (ICO) later this year.

According to Vernon Poole, a member of ISACA's information security management committee and head of business consultancy for Sapphire, Information Commissioner Richard Thomas, as part of his outgoing report back in July 2008, criticised the EU data protection directive - which underpins the UK's Data Protection Act - for effectively showing its age.

Poole notes that reports now suggest that the Government will enhance the powers of the ICO, allowing it to raise penalties against data controllers, under Section 55A of the Data Protection Act.

Poole claims that, under Section 55A of the Act - which the Government has reportedly set an internal target to implement later this year - the information commissioner will be able to impose penalties on companies that fail to protect their data, when that data is subsequently lost.

Current Government practice, he says, is to provide statutory guidance at least 12 weeks before the legislation comes into force.

The original plan, he adds, was for the penalties to be published in March of this year, ready for Section 55A of the Act to become law this month.

These dates have now passed, he says, but if the internal target is to pass the legislation amendment before the Parliamentary summer recess, then Section 55A could become law by the late Autumn of this year.

"This is good news as, at that stage, we will be coming up on the second anniversary of the infamous loss of 15,000 pension customer details on a CD-ROM mailed between HMRC's offices in Newcastle and Edinburgh."

"That incident became the milestone which started off a chain of reports of data losses in the public and private sector in the UK and effectively triggered the amendments to the DPA we now know as Section 55A."
