The UK Information Commissioners Office (ICO) is to get powers to fine all organisations up to £500K for data breaches as of the 6th April 2010. The size of the fine will depend on the seriousness of the breach, the organisation's financial resources and the sector it serves.
Financial organisations already faced steep penalties for data breach from the FSA, who for example fined HSBC £3M for data breaches in July 2009, but the ICO’s powers extend to all organisations. As UK data breach legislation grows real teeth, business can no longer afford to ignore the issue of data security. The ICO’s new powers should be a wake-up call for UK organisations’ that have not yet put good measures in place to safeguard sensitive data. Given the large fines that organisations will face from April this year, most companies clearly need to make data security a priority.
So, how should companies go about protecting their most sensitive data? Encryption is generally accepted to be one of the best ways to secure information as it renders any data entirely unreadable and therefore useless to criminals. The good news is that encryption is now a mainstream technology and is relatively easy and cost-effective for businesses to deploy.
With tough new legislation around the corner, combined with a seemingly ever increasing number of data breaches hitting the headlines and hefty penalties for non-compliance, it is clear that now is the time to take action. Businesses must make sure that they have the security in place to prevent data breaches, and the associated fine, from adversely affecting their business.