in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Archives

AlertBoot Endpoint Security

AlertBoot offers a cloud-based full disk encryption and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

No Custodial Sentences for UK DPA Breaches

Beginning in 2006, the Information Commissioner's Office (ICO) has called for imprisonment as punishment for offenders of the Data Protection Act.  The ICO made this proposal in a special report titled "What Price Privacy? The Unlawful Trade In Confidential Personal Information".  As of October 2011, custodial sentences are still absent as a form of punishment.  However, this may change in the foreseeable future:

In the 2006 report, it was found that over half of those surveyed thought it was a good idea to  jail people who breached the DPA.  My own coverage, since 2007, of on-line comments of UK data breaches shows a more subtle but very pronounced level of agreement by disaffected UK citizens.  I'd estimate the figure at around thirty percent or so.  The figure, while not the majority found in the ICO's report, is quite large and possibly enough to provide the impetus to finally make custodial punishments a reality.

In the half-decade since the paper was published there has been a change of guard at the commissioner's office.  Maximum fines were increased to an astounding £500,000 per violation of the DPA.  And, there seems to be a general agreement that massive monetary penalties might not pose as much of a deterrent as custodial sentences or a combination of both.

Commitment for Introducing Custodial Sentences

In October 2011, British politicos openly supported giving the ICO the ability to hand out prison terms to those who break the DPA.  This Information Commissioner had been very publicly asking for such powers since at least early 2010.

However, a little-known fact is that Parliament has already voted on this issue and approved the matter: the Secretary of State was given the power to introduce custodial sentences in the Criminal Justice and Immigration Act 2008.  This has yet to be implemented, however.

It remains to be seen what will happen in the future.  However, it should be noted that implementing good data security practices that meet the spirit of the Data Protection Act is not an overnight affair.  Waiting to see what happens, and then going forward with data security implementation — assuming monetary fines are not much of a deterrent for your organisation — could be a recipe for trouble.

If anything, the time to focus on your data security issues is now, when all signs indicate an extension (and consolidation) of power to the ICO as data breach issues reach ever-higher water marks.

 
<Previous Next>

DPA Data Controller Penalty: Maximum £500,000 Fine

What Offences Exist Under the UK Data Protection Act?

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.