back to article Government consults on possible £500,000 data breach fines

The Information Commissioner's Office (ICO) would have the power to fine organisations up to £500,000 for serious breaches of data protection principles under plans announced this week by the Ministry of Justice. The consultation, Civil monetary penalties - setting the maximum penalty, asks just one question: whether the …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    Government exempt

    I guess that as usual all government bodies will be exempt as they can "learn lessons" and conduct root and branch reviews rather than actually fix their problems!

    If only they actually practised what they preached.

    They can leak our information non-stop all the time yet they still get paid their bonuses but if a private sector company leaks info then that's just unacceptable

  2. lukewarmdog
    Badgers

    Hanging's Too Good For 'Em

    "we consider it desirable that the maximum amount of the penalty should not be higher than the equivalent of 10% of the highest annual turnover of a small company."

    Small company.. 10%.. what now? How is that in any way relevant to a Government department losing half a million drivers details / patients records / pay details for undercover police / addresses of army staff / etc.

    Oh it's not meant to be.. because the Government knows it's more than likely it will fall foul of this law several times and doesn't want to sting itself with massive fines. There shouldn't be a cap on the amount and the fine itself should get put into a charitable causes pot.

  3. JetSetJim
    Go

    Will this apply to govmt organisations too?

    Given their rich history of losing our stuffs...

    Maybe the fine could take the form of a tax rebate for all those whose data is lost in that case...

  4. Ed Blackshaw Silver badge
    FAIL

    So I guess the proceeds form any fine would go into the exchequer

    In which case, when the gubmint gets its fines (this is sure to happen, right?), this money would come from the exchequer and go... back in the same pot?

    Or maybe, it should go back to us taxpayers as a rebate? Stop laughing at the back...

    What is ACTUALLY required, IMHO are criminal sanctions against the individuals concerned, and not just the lowly scapegoats who get the blame for data leaks, but their superiors who put them in a position to leak the data and through negligence, allow it to happen. I would dearly love to see those senior civil servants and government ministers serving time for their wilful disregard for the privacy and rights of us minions, er.. sorry, voters. Same goes for those in big buisness who think that profits are more important than the rights of their customers. God forbid that there would ever be any cross-over between these two groups, of course...

  5. amanfromMars 1 Silver badge

    Junk Fuel .....Sub Prime Ministerial lines

    Are the Labour Government on crack?

  6. Adam Salisbury
    Thumb Down

    @amanfromMars 1

    If only that were true, the much more terrifying reality is that they're stone cold sober!

  7. Ed Blackshaw Silver badge

    @amanfromMars 1

    "Are the Labour Government on crack?"

    They're probably just on stupid.

  8. Anton Ivanov
    WTF?

    If the small company sole business is breaking the act?

    If the small company sole business is breaking the act (as was the case recently with a couple of agencies) 10% is a very reasonable fee to do business. Almost like a licensing regime.

  9. Anonymous Coward
    Anonymous Coward

    Seems fair

    So if some company keeps a record of my preference in chocolate (or something equally harmless) it may be fined half a million pounds. But if the police arrest me on a trumped-up charge, they can take and keep my DNA (probably the most important and critical personal data I have) more or less indefinitely.

    By the way, if any MOP (member of the public) chooses to ring up the police (anonymously if they prefer) and accuse me of assaulting someone, odds are the police officer who deals with the call will begin by arresting me - before doing anything else, such as finding out the facts.

  10. Sooty

    why a maximum fine

    why not set a fixed 'per item' fine based on the severity of the data leaked, that way the difference between losing 20 meaningless items of data on 20 people can be differentiated from losing the entire country's medical records, for example.

  11. Anonymous Coward
    Anonymous Coward

    why can no-one do maths anymore?

    "However, we consider it desirable that the maximum amount of the penalty should not be higher than the equivalent of 10% of the highest annual turnover of a small company."

    That makes no sense whatsoever.

    A percentage is a proportional figure that can be applied to many different actual figures to give the same proportion.

    So in order to confuse, we are being apples and oranges - 10% of turnover of small company should be the same PROPORTION as 10% of a large company.

    10% of the highest turnover of a small company IS NOT a comparable figure unless you define what a small company is or the highest and lowest turnovers are for such companies.

    This is merely a statistical way to make it disproportionately in favour of large companies on whose board government ministers sit.

    Criminal sanctions on INDIVIDUALS is the only way to go. Fine's dont go to the victims of data loss.

  12. Graham Marsden

    "a penalty up to 10% of an organisation’s turnover."

    So if the MOD or the Security Services or the Governmetn lost our data, how much could they be fined.

    Except, of course, they're funded from the public purse, so the money would go back to the public purse and the net result would be nothing (except some fat fees for a few lawyers, perhaps)

    Now if the money was actually put into teaching such organisations about data security, password protection and file encryption for instance...

    ... nah, that would be sensible, forget I mentioned it.

  13. Anonymous Coward
    Anonymous Coward

    Teeth

    Evidently watchdogs just don't need them.

  14. Anonymous Coward
    FAIL

    Data protection act

    1998 not 1988

This topic is closed for new posts.

Other stories you might like