Mixed reactions to the first data breach fines from the ICO

As reported yesterday, the first fine of £100 000 was issued to Hertfordshire County Council for two serious incidents where council employees faxed highly sensitive personal information to the wrong recipients.

The second fine of £60 000 was issued to employment services company A4e for the loss of an unencrypted laptop which contained personal information relating to 24 000 people who had used community legal advice centres in Hull and Leicester.

According to Ed Macnair, CEO of Overtis, the user activity management software specialist, this looks, at first glance, like the ICO has real teeth.

However, he said, in the case of the stolen laptop, the penalty is less than £3 for each lost record. And when you consider the fact that A4e is a £145 million company, the breach has had a higher impact on the 24 000 individuals whose confidential information has been lost.

John Poulter, Informatica's senior vice president, meanwhile, said that, as a result of the internet, organisations are increasingly more culpable for the data that they provide.

The fines, he says, are proof that the consequences for mismanaging data are very real and highlight the need for master data management to come into its own in 2011.

"Ten years ago data quality was significantly neglected, but over the past couple of years we have seen a real shift in focus. The rise of online is instrumental in making businesses take responsibility for the information and data they use and provide", he observed.

Richard Turner, chief executive with Clearswift, said that the cases highlight the fact that data security is far more complex in today's business environments where a wide range of communication channels are in use.

"Organisations need to realise that, in conjunction with security technology, their staff can be a powerful additional protector of data security", he said.

"For data security policies to be really effective, employees need to understand what the parameters are and more importantly why they are there. Education and explanation of web and email policies means that people can actively take on board the risks and adapt their behaviour in the long-term", he added.

Jamie Cowper, data protection specialist at Symantec, meanwhile, said that the ICO has given the Data Protection Act its teeth, and the fines show that the ICO's bite lives up to its bark.

The fines, he explained, demonstrate the importance of protecting data and of having clear guidelines in place to determine how sensitive information is used.
