back to article First data fines on the way, says ICO

The information commissioner will announce the first organisations to be fined for failing to protect data later this month. Christopher Graham said that the fines of up to £500,000 "give the ICO the teeth that many people in the past said it lacked". The ICO gained the ability to issue such penalties on 6 April, along with …


This topic is closed for new posts.
  1. MJI Silver badge

    Lets start with ACS Law

    Go-on maximum fine - they deserve it

    1. Anonymous Coward
      Anonymous Coward

      ACS:Law is small fry

      Graham is saving the maximum fine for big breaches, he said so. It's all about posturing. ACS:Law only made a little mistake affecting a few thousand people. The ICO's big day will be when it claws 500K off an NHS budget somewhere, forcing ward closures and making Christopher Graham the Civil Servant of the Year.

  2. Rogerborg

    Talk a good game, don't they?

    I suspect the collective response will be to keep ignoring the ICO, since that's what everyone's got used to by now.

    At most, there might be a terse "Yeah, see you in court - you've got the budget for that, right? No? Oh dear, what a terrible shame."

    At this point, public pike-polishing is about the last thing the ICO should be doing. Until there are heads on those pikes, they ICO will continue to be a joke with no punchline.

  3. oldcodger

    Fining who ?


    When will the regulatory bodies realise that NO public bodies, whether they are government, local authorities , councils, NGO's etc, have any money of their own.

    It used to belong to the long suffering "general public" you and me, before it was taken as taxes and tribute.

    Fining public bodies is indirectly fining the general public, 'cause next year the offenders are going to put up their taxes, fees or whatever to recover the fines.

    The only way to hurt these offenders is to SACK them without compensation!

    Bring on the tea party!



  4. Daniel Barnes


    Would there be any point in the ICO fining public sector organisations? It's not like the money will be coming from their profits like it would a private company, instead it will come from our pockets the next year in the form of increased tax. Maybe instead they should be given the power to fire the useless numpties responsible and change the procedures, like disallowing sensitive information to be taken outside the secured offices via laptop/memory stick.

  5. Anonymous Coward
    Anonymous Coward

    Justice: by the powerful, for the powerful

    Police: You knowingly and illegally intercepted data with Phorm

    BT: Oh, but we had no criminal intent

    Police: Well that's all right then, sorry to have bothered you, carry on

    ICO: You illegally gathered personal data from UK citizens

    Google: Oh, but we will delete the data and won't do it again

    ICO: Well that's all right then, sorry to have bothered you, carry on

    Council: Your car was photographed in a bus line, that will be £30

    Ordinary citizen: But I only crossed the lane to park

    Council: That'll be £30 please, and more if you don't hurry

  6. Anonymous Coward
    Thumb Up

    ah, right:

    *cough* Andrew Crossley *cough*

  7. Mark 179

    ACS Law

    I wonder if they are in the first batch ?

  8. Anonymous Coward
    Anonymous Coward

    how about the names?

    I'd like to short their stock.

  9. Mark C 2

    Wrong approach

    Fining public bodies just takes money from the tax payer. I suggest the ICO should instead take the 500k from the bonuses of the top 100 earners in the organisation - that would help them to focus on data security.

    Alternatively, make it punishable by jail, and apply it to public and private organisations evenly.

  10. The Metal Cod

    I'll Believe It

    When I see it. Are you going to bite, little doggie?

  11. irish donkey


    I'm sorry let me take you to a free lunch in 'The Ivy' then I can give you all the reassurances you need to prove that this will never happen again.

    Sorry I've been a very naughty boy.

    What is a cheaper? A £500.000 fine or enforcing proper Data protection.

    Answers on a postcard?

  12. JaitcH

    Heaven help the ICO's first victims

    To prove his office isn't a wuss < >, this guy is really going to hit a few targets hard.

    Then he will shut all his critics up and he can go back to sleep

  13. The Cube

    he would apply "the max" penalty, describing it as "the horror benchmark"


    He would fine the incompetent vermin £500,000 for compromising the identities of 25,000,000 people? A fine of £0.02 per person impacted?

    Oooooh, quaking in my boots over data protection, the ICO has a new name "growling hamster".

  14. JasonW

    No, not fines...

    ... Jail the responsible directors/chief executives (and use proceeds of crime legislation to recover the cost of incarceration from them personally) because I don't want to pay (usually as a reluctant customer) for the illegal activities of the public or commercial body...

  15. BryanM
    Thumb Down

    Who pays the fines?

    What's the point in fining public bodies such as Customs and Revenue or NHS? All you're doing is shovelling money from one government department to another. If you want to penalise public bodies then the only solution is start firing people.

  16. Gerrit Hoekstra

    Not an incentive for public offices to get it right

    So, if HMRC screws up again, they get fined and pay the fine out of the tax-payers' coffer. The money goes into the tax-payers' coffer. Next year, HMRC ask for more money from the tax payer to fill the hole caused by the fine. They get more money, screw up again, get fined, cough up, ad nauseum...

    Where's the punishment?

  17. Alan Gregory 1

    What about crossley?

    So if they drop the fine on e smaller organisation

    What about crossley @ acs law???

  18. Anonymous Coward
    Anonymous Coward

    Low fines

    "if HM Revenue and Customs committed a data breach similar to its loss of 25 million people's details in 2007, he would apply 'the max' penalty, describing it as 'the horror benchmark'."

    £500,000 for losing data on 25 million people is 2p each. The fines should start at £1 per individual with bigger fines for exceptional negligence.

  19. url
    Thumb Down

    fine google the maximum...

    ...and then what?

    Essentially they've paid 1/2 million sheets to get away with nationwide data rape.

    Yeah, that'll stop them dead in their tracks.

    Obviously, they'wont be allowed to keep the data, but will they be allowed to keep their analysis of the data. Seems more than likely right.

  20. Da Weezil

    Real Teeth.

    Firing them is one thing, how about also barring them from holding any position where they have responsibility for / access to private data.. and before anyone starts whining about unfair restrictions on employment.. if you lose your driving licence.. you lose the ability to hold a driving job.. this is no different.

    I'm sure the friendly people at the job centre will be able to harass them into some lowly paid menial task...or is that a fate reserved for the lesser proles in our society? Perhaps while they are doing a less demanding job they will have time to reflect on their attitude to other peoples security and privacy.

  21. Anonymous Coward
    Anonymous Coward

    Bark or whimper?

    While the loss of £500,000 might bother a small firm, it won't even scratch the paint on the large organisations who do the worst damage, they'll just view it as another unfortunate cost of doing business, like paying the minimum wage.

    Why have a limit at all? Far better to have a formula that relates to turnover/profits and delivers a predetermined amount of punch at every level from the smallest to the largest, the level set according the severity of the offence. - perhaps no accident that they dont. And why stop at fines? Until the worst offences result in negligent individuals doing a stint in chokey, its still "someone else's money" - ours in the case of public bodies. Those involved with serious losses should also be subject to much, much closer, more regular and more invasive scrutiny of their data handling processes - ultimately banned from handing personal data at all if they adhere to standards.

    Illegal commercial exploitation of personal data, such as Phorm/BT and Google, is another game again, and really requires very severe punitive measures to act as any form of worthwhile deterrent; getting caught needs to hurt rather than irritate.

    None of this will happen, and I really can't see why the ICO even bothers trying to persuade us they are serious about data protection when virtually every statement from them proves otherwise.

  22. The Other Steve

    Do no stupid

    Fuck fines, a criminal record for the data controller would focus the mind wonderfully. No more civil service arse covering. If you're the controller and the breach happened on your watch, your ass is going to be in front of a judge. And fuck letting people off, breach should be a strict liability offence, no more of this cosy old uncle ICO having a quiet chat bullshit.

    And if one of those fines isn't for ACS Law, then ICO might as well put its offices up for sale. I mean FFS, who else could have the option to fine Google 500,000 quid for criminal acts and not take it ? Surely "we're tough on data protection and will bring the full weight of the law down onto offenders, whoever they are" would have been a better message to send out than "We'll probably still let you off in any case"


    Penalties are only one part of the problem.

    Lack of independence is another (according to EU Fundamental Rights Agency).

    Lack of competence is another (according to the ICO themselves).

    Until the ICO are comprehensively reformed, and particularly the existing ICO management ejected onto the street, its hard to have any confidence in these corrupt handwringing muppets.

This topic is closed for new posts.

Other stories you might like