The Information Commissioner’s Office (ICO) has said that it is gearing up to hand out historic fines against various businesses and organisations which it has found to be in breach of the rules of the Data Protection Act after the loss or theft of private information.
The ICO’s David Smith said that by imposing these fines, it would send out a message to all firms, showing that the consequences of improper security and data handling policies would be severe.
Mr Smith told V3.co.uk that many observers had questioned whether or not the ICO would actually use new powers and hand out significant fines to offending firms. He explained that impending action would prove that it does not stand for businesses who do not meet the data protection standards expected of them.
Mr Smith would not divulge any information relating to the businesses being targeted by the ICO, but promised that further details would be published online with relative speed.
The ICO’s detractors have not only complained that it has failed to use its powers to fine with any kind of frequency, but have also pointed out that the half a million pound maximum, which was introduced earlier in the year, cannot be seen as a significant sum by the largest businesses who have the potential to suffer from the biggest data loss incidents.
The ICO wants to see businesses and organisations take responsibility for the data which they are charged with protecting and Mr Smith said that firms would also need to adhere to data retention limits and erase personal details after the expiry of the agreed upon term, rather than clinging to old information for as long as possible.
The most divisive aspect of Mr Smith’s statement was an allusion to home phone and broadband provider TalkTalk, which recently got into hot water, because it was monitoring the web activities of users, in order to test a new anti-malware service. Mr Smith said that firms could not get away with acting in a clandestine manner just because they were conducting a trial.
The ICO aims to make data protection more transparent, so that ordinary people can be assured that their information will be kept safe, without having to scour the terms and conditions of a given service.
