Almost one month ago, the UK’s ICO announced that fines for data breaches were “imminent.” Maybe “imminent” means something different in UK English than in New Yorkese, where we tend to be impatient, but nothing happened.
Now Peter Judge of eWeek suggests that, for a variety of reasons, Google might make a good first target. I hope that the ICO does not share his thinking, as I think the first ICO fine should be a UK entity – like one of the numerous NHS trusts that keep having easily avoidable breaches. He doesn’t need to fine them the maximum, but a fine to show that the ICO is serious would send a pointed reminder to all NHS trusts that enough is enough. Or maybe the first fine should be ACSLaw for their failure to adequately secure the data they collected.
Google goofed, no doubt, but they could not have collected the data if people had secured their wi-fi. Blaming Google for what anyone driving by could have done seems a bit ridiculous. Fine an entity that actually had a responsibility to protect data and didn’t.