back to article Data loss fines hit £500K from today

From Tuesday 6 April, the Information Commissioner’s Office (ICO) will get enhanced powers to fine organisations up to £500,000 for serious breaches of the Data Protection Act. Previously the maximum fine was a paltry £5,000. The tougher measures will be imposed alongside compulsory audit notices to central government …


This topic is closed for new posts.

    The ICO?

    Huge fines are simply vacuous posturing by a puppet regulator that has failed the public time and time and time again.

    The ICO, in their own estimation, can't comprehend the IT industry they are meant to regulate.

    Welcome Mat, because I'd welcome a change of personnel at Wilmslow to accompany this announcement.

    1. Anonymous Coward
      Big Brother

      Only possible because they're leaving..

      New Labour couldn't afford to be fined out of their trousers by their mismanagement. Now they're leaving (well, hopefully conclusively thrown out) they try to set up problems for the next incumbent who will have a job fixing the mess.

      That's my view anyway.

  2. John Smith 19 Gold badge
    Thumb Up

    NuLabour tries to look tough to data subjects

    It only took them 13 years to do so.

    Thumbs up (eventually) for giving the ICO some teeth.

    I wonder if it will persuade people that all that data (most of which is only being gathered at the behest of assorted data fetishists within the Civil Servant and their assorted junior minister sock puppets) is safe in their hands?

    31 days likely, 66 days maximum.

  3. The Cube

    Compared the DPA with PCI DSS?

    Holy crap, I hadn't realised the DPA was so utterly and unspeakably useless from conception to audit that it could be compared with PCI DSS!

    If it is only half as irredeemably shite as payment card "security" then we should just scrap it now.

  4. Anonymous Coward
    Anonymous Coward

    Hope this applies to the Police

    who seem to be a MAJOR ignorer of DPA 1998 laws,along with other Govt bodies.

  5. amanfromMars 1 Silver badge

    Criminals 'r' Us Labouring as Incompetent Politicians. J'accuse.

    And who will be the first to realise that the Public Purse can be milked and bilked for millions with the careless deliberate release of supposedly secure information by departments looking for more funding, for how does the Government fine itself without it being thought of another dodgy stealth tax racket dreamt up by the seriously deluded and patently unhinged?

    1. Anonymous Coward


      PLus how many nasty little cowboy IT security companies are lining up, ready to offer shite services to firms desperate to ensure they don't get stung by this?

  6. Anonymous Coward

    Wheres my quid!

    So how much will every tax payer in the country get from all the fines after the Gov forks out for the utter foul up's of lost off the Gov foul ups last year alone thats somewhere in the region of £1 per person Brown owes us...we can but hope anyhow!

  7. Steen Hive

    Cost their organization?

    What? People who for any reason have data in their possession that may be covered by the DPA should be personally responsible for it!

    If some spiv can't be bothered to learn how to operate their tools beyond clicking on the blue "e", then they are not qualified to have access to such data, full stop. If they can't learn, fire them and get someone suitable for the job.

    "Lose that laptop, and it'll cost you £500k" will stop their farting in church.

    1. Anonymous Coward
      Thumb Up

      Money Laundering

      Exactly! Well said!

      Same with anti-money laundering in the financial sector, you as the individual are respsonsible for reporting suspicions, failure to do so results in large fines and prison terms for the schmo at the bottom right through to the director at the top.

      As with AML, ignorance is no excuse!

    2. Anonymous Coward

      Not quite enough

      It should be up to £500k per breach. Which would mean "per record". So if you lose a laptop with 1,000 records on it; that's a fine of £500,000,000. Which is, quite simply, bankruptcy and the company going under.

      THAT should focus the minds of the CEOs, CIOs and COOs into actually DOING THEIR JOBS.

      If, of course, the board members have ensured that all removable media/devices are properly encrypted (or that data can't be taken off-site, period) and that staff are trained in maintaining data security; then any breach would only receive a minimum penalty (if any at all).

      However, this is the ICO and Labour are still in power (and very friendly with big business). Another bunch of toffs are about to come in and shaft the public again with their corruption; so nothing will actually happen and we will continue to get screwed over by these arseholes.

      Plus ca change.

  8. Anonymous Coward
    Anonymous Coward

    Fines are not enough

    Fines do not change things, because organisations will just pay them. It is about time prison sentences got mendated for the people IN CHARGE. Don't send the poor schmo who never got told of his obligations, send his boss to the slammer for a few years. Maybe then, with personal freedom at risk if they do not protect the data they are intrusted with, will they finally take action.

  9. Anonymous Coward


    The ICO fines, say HMRC, and the money goes where, exactly?

    1. Anonymous Coward
      Anonymous Coward

      Hold senior managers...

      ...or board members personally liable. They get paid enough to "take risks" and "shoulder responsibility", time they actually faced some risks and took responsibility!

  10. The Metal Cod

    Gesture Politics

    This is gesture politics of the worst kind. The ICO has shown itself to be incompetent and lacking the guts and balls to hold companies and the government to account. This gesture will not change the fact that my large left testicle has more balls than the whole of the ICO, which is patently unfit for purpose.

    1. VulcanV5
      Paris Hilton

      Data regulatiion breach

      This revelation of personal information falls into the category of disclosure of data likely to disturb others -- in this instance, the voluminous condition of your left testicle and the way it appears to be in multiple occupation.

      Please desist from further disclosures otherwise I will have to report you.

      (Note: the ICO doesn't know what it's supposed to regulate, still less enforce, so the chances of it taking action in your case are high.)

      * Paris, because some disclosures are in the pubic interest.

  11. Tricky Dicky

    Who pays the fine?

    So a Local Council is fined for losing local council tax payers data - who pays - the local council tax payers.

    A Bank is fined for losing customers data - who pays - the customers in increased bank charges and interest rates.

    A Hospital is fined for losing patients data - who pays - the patients in reduced services to cover the shortfall in funds.

    Who never pays - the prat that lost the data!

  12. Anonymous Coward
    Anonymous Coward

    Tuppence a go

    £500,000 works out at about 2 pence for every one of the 25,000,000 records lost by HMRC in the debacle over lost disks. Of course, government is exempt from the fines. This is just a smokescreen so that Labour can be seen to be doing something and getting tough with people, creating a distraction from the Govt's own failings.

    One problem nobody seems to have commented on much is that once your date of birth, National Insurance number and mother's maiden name are in the hands of the bad guys, you can't get make them secret again, fines or no fines, or change them (unless the whole country goes into the equivalent of a witness protection programme!).

  13. Wize

    @AC 16:13

    "Don't send the poor schmo who never got told of his obligations, send his boss to the slammer for a few years."

    I think there might be a whole lot more lost data happening...

  14. Anonymous Coward

    This will only affect the NHS

    The ICO lack the skills, knowledge and appetite to go after the private sector, so will simply engage in rearranging the money in the government's trousers at horrific expense.

    Finding problems with the NHS' information security is like shooting fish in a barrel.

    Plus, they know that by picking on public sector organisations, no-one will be sacked. So everyone can sleep easy.

  15. J Lewter


    I think 100 fold is a little larger than 100 times.

    If the new fine was 6,338,253,001,141,147,007,483,516,026,880,000 per offence then it would be 100 fold.

    I think the current increase is about 6.65 fold..

  16. Old Car

    DPA hot air

    Underwhelming news at best. Who wants to hand out a chunky fine when we're being told that the beginning of the end of the recession is in sight? And an outgoing government? Will a new government have the appetite for this? And if the penalties aren't actively applied then what strength does this really have?

This topic is closed for new posts.

Other stories you might like