Disclose data breaches to us proactively, and we’ll lower any fines

Emma Woollacott reports:

British businesses could face lower fines if they proactively report data breaches, thanks to an agreement between the UK’s data protection regulator and cybersecurity agency.

The Information Commissioner’s Office (ICO) and National Cyber Security Centre (NCSC) say they plan to encourage engagement with the NCSC in the event of a breach, and allow meaningful engagement with the NCSC to lead to reduced regulatory penalties.

Read more at Forbes.

Woollacott cites the ICO’s report last year indicating that compliance with GDPR’s 72- hours deadline to report a breach to the ICO was only occurring in fewer than a third of breaches involving personal data since 2019. Offering the possibility of reduced fines for compliance — if couples with the ICO actually imposing fines for noncompliance — may work well.

UN Cybercrime Convention to be signed in Hanoi to tackle global offences
ModMed revealed they were victims of a cyberattack in July. Then some data showed up for sale.
Toys “R” Us Canada customers notified of breach of personal information
Gatineau gymnastics centre warns members of possible data breach
Data breach in 42 Latvian municipalities: DVI imposes 300,000 euro fine on ZZ Dats
Confidence in ransomware recovery is high but actual success rates remain low

Disclose data breaches to us proactively, and we’ll lower any fines — ICO

Related: