The Data Protection Act: the ICO demonstrates that the cost of compliance is greater than the cost of non-compliance
The Information Commissioner, Christopher Graham, is being decidedly unfair to the security industry. Consider this: fear sells. Government does it all the time. It keeps us in constant fear of terrorists, pedophiles, drug runners, gun runners, Katie Price, identity thieves and the Russian Mafia so that we will buy its lies about the need to curtail our liberty to keep us safe on the street. Security vendors do the same – they keep us in constant fear of cyber terrorists, online purveyors of child abuse, money mules, Katie Price, identity thieves and the Russian Mafia so that we will buy their products to keep ourselves safe online.
But we have to be afraid, or none of it works.
Enter the Information Commissioner. Last April he gained the power to enforce his responsibility for the Data Protection Act by levying fines of up to £500,000. What music to the ears of the security industry – something else for us to be afraid of! Another reason to buy security products; this time to help us comply with the Data Protection Act.
But what a letdown Mr Graham has been!
Of the 2,565 data leaks reported to the watchdog in the past year, the ICO has only taken action in 36 cases and handed out only four fines, according to data revealed by ViaSat UK under the Freedom of Information Act.
ICO acts on only 1% of reported data breaches
I’m not sure of the maths here, but never mind. The point is very clear – if you breach the Data Protection Act you are overwhelmingly likely to get away with it. So what does that tell us? It tells us that the cost of compliance is considerably greater than the cost of non-compliance. In other words, don’t bother about the Data Protection Act. And don’t bother buying any security products to help with compliance.
He’s so unfair!