Huge jump in number of fines for data breaches
Posted on 15 August 2012.
The Information Commissioner's Office (ICO) has revealed a huge increase in the number of penalties handed out to organisations in breach of the Data Protection Act. Over the last year, the ICO has issued 68 warning notices for data security lapses, which is up 48 percent from the same point last year. Its fines reached nearly £2m over the last year.

According to these figures, the ICO has also increased the amount and frequency of fines it hands out, with 15 fines totalling £1.8m imposed over the past year – a significant increase on the mere six fines totalling £431,000 it handed out in the previous year.

Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments:

It is about time the ICO took a much tougher approach when dealing with data breaches, given the somewhat lacklustre approach of previous years. In today’s information age, nominal fines and letter-writing initiatives to warn about data handling simply do not cut it – hence the almost constant stream of data incidents still hitting headlines.

The ICO clearly needed to step up its activities – particularly as our own research showed that at the end of last year, 64 percent of UK consumers didn’t even know what the ICO was. In any case, of those that had heard of the ICO, just 33 percent thought it was doing a good job.

That said, these latest figures from Syscap clearly indicate a changing tide. The ICO seems to be taking data security more seriously and organisations will have no choice but to take heed if they wish to avoid the financial and reputational repercussions of a breach.

With the growing number of fines that the ICO is dishing out, it will be much easier for the public to identify those organisations that are being irresponsible with their data – and as an additional incentive, the increased penalty per organisation ensures that the impact on the bottom line will certainly be felt.

For organisations, the only way to prevent becoming the next victim of an embarrassing breach or damaging fine from the ICO is to move away from compliance-led IT to a best practice, holistic data security model. Rather than focusing on traditional perimeter IT protection solutions which reactively ‘fence out’ threats, instead, organisations should be embracing approaches that proactively and continuously monitor all IT log data generated by systems.

This enables the identification of seemingly unconnected events that indicate aberrant behaviour, ultimately allowing for real-time remediation of any network anomalies and ensuring constant compliance rather than on a case-by-case basis.





Copyright 1998-2014 by Help Net Security.