Those companies which fail to adequately protect their data could risk incurring serious financial penalties if new legislation is brought to bear.
The maximum fine for failing to adhere to rules laid out by the Data Protection act may be raised to £500,000.
The Ministry of Justice has unveiled a consultation paper which broke the news that CMPs (Civil Monetary Penalties) will be set to rise in order to improve data security and put an end to the culture of complacency.
Under the current rules, the Information Commissioner’s Office (ICO) is required to successfully prosecute a firm in order to impose a fine. Even with a successful court case the maximum amount payable by the guilty party is £5000, which many do not consider to represent an adequate deterrent.
When the consultation period ends on the 21st of December those involved will be required to submit their views on the proposal of the half a million pounds fine. The respondents will be considering evidence presented to them in the consultation, which has been titled ‘Civil Monetary Penalties: Setting the maximum penalty’
A government spokesperson indicated that the aim of the new rules would be to ensure that businesses take responsibility for the security of their data. It was also emphasised that businesses would be required to adhere to the legal requirements of information handling more thoroughly than in the past with the increased financial penalties acting as a preventative incentive.
The news that the financial penalties for data security negligence are increasing has arrived shortly after it emerged that the ICO would be seeking to create the option of custodial sentences in addition to fines.
Experts who heard Information Commissioner Christopher Graham’s proposals were generally in favour of harsher sentencing for the most severe incidences. With both public and private sector organisations suffering security breaches and data loss or theft it seems to many that the most sensible root to take is one of robust legislation and increased industry awareness.
Many will be interested to see whether the proposals are considered to be adequate, excessive or overly lenient. With millions of pieces of personal information stolen or destroyed annually, even tougher measures could be imposed in the future.
