I agree - the ICO should be kicking some serious arse and collecting every penny of the fines discussed in the story. Only when CEOs see massive holes in their company's P+L, and by extension their bonus, will information security be taken seriously (and hopefully by further extension IT budgets in general). It's quite reasonable that the proceeds of those fines help fund further enforcement. I'm not against that, but I am suggesting some caution regarding a direct link between enforcement and income that could lead to the system being gamed in some way that is detrimental to wider society.
It ought to be the aim of any regulator to do such a good job that it does itself out of a job. That's probably unlikely, but we all know the stories of "If you don't spend it this year you won't get it next year" to realise that the budget won't be reduced, unless some Government minister decides it's in their interest to forcibly cut it.