The ICO, who said in September that the first data fines were “imminent,” now says that they are “on the way.” Kable writes:
The information commissioner will announce the first organisations to be fined for failing to protect data later this month.
Christopher Graham said that the fines of up to £500,000 “give the ICO the teeth that many people in the past said it lacked”. The ICO gained the ability to issue such penalties on 6 April, along with other powers including the option of auditing public sector organisations without their consent.
Speaking at Kable’s Information Security event in London on 3 November 2010, Graham said that if HM Revenue and Customs committed a data breach similar to its loss of 25 million people’s details in 2007, he would apply “the max” penalty, describing it as “the horror benchmark”.
Read more in The Register.
“Organizations?” So will not be just one entity fined? Interesting.
The ICO’s statement comes at a time when he and his office have been under heavy criticism for not conducting their own detailed investigating of the Google Street View wi-fi mess and then for letting Google off too lightly for what they described as a “significant” breach.