IT Governance warns on data breaches front

As business prepares to get back to normal in the new year, the governance specialist has said that companies need to act now to meet the increasingly strict requirements of the Data Protection Act compliance regime - or risk the wrath of the Information Commissioner's Office (ICO).

According to Calder, the planned new penalties are of unprecedented severity.

"From April 2010, the ICO expects to impose 25 monetary penalty notices every year for breaches of the DPA. Those fines could be as much as £500,000 each for serious contraventions", he said.

"Any company or organisation failing to take reasonable measures to comply will be in the firing line. There could even be prison sentences for deliberate or negligent customer data leaks by individuals within an organisation", he added.

Calder went on to say that, as an absolute minimum, organisations should carry out a Data Protection Act compliance audit to establish what work is necessary and the associated lines of responsibility, and should also execute a risk assessment covering the storage and processing of personal data.

To help organisations meet their requirements, Calder's company is launching the IT Governance Complete Data Protection Toolkit, which is billed as combining a compliance assessment tool, a compliance documentation toolkit and a series of pocket guides on data protection compliance.

"All UK organisations that hold or process personal data must comply with the Data Protection Act. If you're not really sure if your business is compliant, there is every chance you are far short of the legal requirements", he explained.