24 September 2012

At present the ICO are enforcing the data protection law through monetary penalties but are pressing for a change.

There is not yet a timeline for the introduction for custodial sentences however the ICO have been pushing for this for some time now.

The ICO clarified that the sentences would be for malicious data breaches, for breaches whereby someone has deliberately set out to break the law.  Sentences would not be handed out unfairly to someone failing while giving their best.

The deputy commissioner and director for data protection at the ICO, David Smith, spoke at the Gartner Security and Risk Management Summit in London.

David Smith has made it clear that monetary penalties being issued are not related to the breach itself but rather the lack of security causing the breach, staff training and system setup. Security has taken the back seat due to cost saving and complacency.  He explained human failure is behind all breaches the ICO investigate and organisations are not doing enough to protect themselves.

The government is not keen to create more crimes that carry out prison sentences; however Leveson will be taking it into consideration.

Only time will tell however this seems the route that will inevitably follow.  Smith feels the possibility for custodial sentences to be introduced is high.

SC Magazine: https://insight.scmagazineuk.com/