The Information Commissioner's Office (ICO) has said that it is waiting with 'bated breath' for the first of its £500,000 fines to be handed out.
Speaking in the opening keynote at Infosecurity Europe, deputy commissioner at the ICO, David Smith, said that data privacy and security go hand in hand but it has been a problem area.
He said that there was a need to talk to the security industry about privacy and to 'plug the gap'. On the new powers, he said that the ICO had been doing voluntary audits but it now has the power to audit companies without consent.
He said: "It is though, a power for the moment that is confined to government departments, and we can order without consent. We have to argue to government to designate public sector orders and other organisations, NHS trusts are an example of where we may see that designation because of the sensitivity of the data."
He said that the £500,000 fines were introduced for 'serious data protection breaches', such as those at the Ministry of Defence and HMRC.
"Up until now the powers were about enforcement notice and to check that things were being done right, and there was no punishment for those who were seriously negligent, and we are waiting with 'bated breath' for the first of the £500,000 fines to be handed out," he said.
He further commented that breach notification is currently voluntary, but there was every prospect that it would become a legal requirement. He also commented that the ICO had been arguing for prison sentences for those who 'con' information out of companies and sell on data.
He concluded by saying: "We have got some new powers so we are not the toothless bulldog or tiger that we were described as. The audit is not to catch you out but to get it right, but we still believe very much that the majority will get it right and we have to work together to take a risk-based approach for the minority."