Earlier this week we marked two months since the introduction of the Information Commissioner's Office's (ICO) increased fines.
There is no doubt that a reign of fear has lifted spending on security and compliance.
Keen to express its views, BlockMaster asked whether ‘it was time that the ICO started flexing some muscle and fining businesses that lose data’.
With West Berkshire Council, Lampeter Medical Practice and Gwent Police all experiencing major data losses recently, BlockMaster CSO Anders Pettersson said that, despite having the power to punish organisations, the ICO has yet to impose a single fine.
He said: “This is not a promising start to what most thought would be a new revolution in data security. What the industry needs is a ‘zero tolerance’ policy, which can be enforced when data is lost. If organisations are allowed to lose vast amounts of information and escape with only a ‘slap on the wrist’ the ICO will lose credibility and business security will be continually compromised.
“The ICO should set an example to public bodies and businesses alike by issuing a monetary fine which reflects the size of the incident. By doing this, others will see that the ICO means business and that data needs to be treated with the utmost care, rather than bolting the stable door after the horse has bolted. It shouldn't take a major loss and a news scandal to push companies into action.
“Over the last three years enough data has been lost by different organisations for the message to sink in, but if the fear of lost reputation and public mistrust isn't enough, these sanctions should be backed up with a hefty fine. However, until the ICO takes a stand and starts making examples of organisations, nothing will change and user data will always be at risk.”