When the Information Commissioner’s Office (ICO) receives its new powers to levy heavy fines on firms that fail to uphold the regulations of the Data Protection Act (DPA) this week, experts believe that many will be under-prepared for the implications of the changes in the rules governing data.
The ICO’s ability to demand up to £500,000 from a business for a single DPA breach is intended to heighten awareness of the dangers of data loss and aid its prevention in the future. The ICO has been seeking greater punitive powers for years and was finally granted them in January of this year.
Christopher Graham, the Information Commissioner, said that the increasing prevalence of online consumer transactions is allowing public and private organisations to amass huge amounts of data. Improper use and inadequate protection of this data are leading at the very least to embarrassment for those businesses involved and putting everyone at risk of fraud.
Mr Graham said that he would prefer to work with businesses and organisations to ensure that data protection was properly practised, but also warned that he would not be lenient in his application of the ICO’s new powers.
Some business leaders have gladly accepted the growing powers of the ICO, since in the past it has been seen as something of an impotent regulatory body.
Legal expert Jonathan Nugent told V3 that the ICO standards covering data protection would need to be carefully studied by businesses in order to ensure full compliance. The seemingly endless stream of data loss disasters over the last few years is said to be a sign that regulatory changes were necessary.
Mr Nugent believes that the ICO will continue to take on new powers in the future, with the potential for custodial sentences being imposed if a particularly serious breach occurs.
Others believe that although the ICO’s new powers are undoubtedly a positive step, there is a likelihood that many businesses will be unaware of the changes. It is suggested that many firms will need to review their current data protection policies in order to ensure that they meet ICO standards.