IT Governance Blog on IT governance, risk management, compliance and information security.

• Does your organisation comply with the DPA?
• Do you want to avoid fines and censure for data breaches?
• How do you manage personal data legally and effectively?

This interactive and enjoyable one-day course gives both new and experienced staff and management – those involved with or responsible for personal data – an oversight of what the Data Protection Act means to their business also to their own rights as an individual.
(more…)

Purchase this Complete Data Protection Toolkit by Friday 19th February get a free copy of Data Breaches: Trends Costs and Best Practices - Worth £195!

Penalties for non-compliance are expected to be:

• Fines of up to £500,000 for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) are expected to be issued each year by the ICO;
• Prison sentences for deliberate, or negligent, customer data leaks by individuals within an organisation;
• DPA compliance costs are set to rise accordingly for UK organisations.

These penalties will be enforceable by the Information Commissioner’s Office (ICO) from 6th April 2010!

It’s now more important than ever that you meet the requirements of the DPA. There is a narrow window of opportunity for organisations to review their privacy practices and information governance in order to prepare for what will be the much more hostile regulatory environment to come.
(more…)

In a January blog post titled DATA PROTECTION: Act now or pay the price, I outlined the penalties which the Information Commissioner’s Office (ICO) will introduction for breaches of the data protection act (DPA) 1998.

The penalties expected are likly to be:

• Fines of up to £500,000 for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) are expected to be issued each year by the ICO;
• Prison Sentences for deliberate or negligent customer data leaks by individuals within an organisation;
• DPA compliance costs are set to rise accordingly, for UK organisations.

I went on to stress that there is now a narrow window of opportunity for organisations to review their privacy practices and information governance in order to prepare for what will be the much more hostile regulatory environment to come.

How are you getting on?
(more…)

Act Now – Buy the Complete Data Protection Toolkit

“The Information Commissioner’s Office (ICO) will be able to order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act,” said an ICO statement. “The ICO has produced statutory guidance about how it proposes to use this new power, which has been approved by the Secretary of State for Justice, and was laid before Parliament earlier this week.”
(more…)

At this moment in time, the Information Commissioner’s Office (ICO) are going through two Government consultations which will see the introduction of new penalties, unlike any seen before, for breaches of the data protection act (DPA) 1998. The ICO have also been granted new statutory powers to audit government departments.

The data protection ragime in the UK has never looked so intimidating!

What penalties are likely to be available to the ICO?
(more…)

The data protection regulatory environment is about to become far more hostile and intimidating as the Information Commissioner’s Office will gain extra powers in 2010.

The planned new penalties are of unprecedented severity. From April 2010, the ICO expects to impose 25 monetary penalty notices every year for breaches of the DPA. Those fines could be as much as £500,000 each for serious contraventions. Any company, or organisation, failing to take reasonable measures to comply will be in the firing line. There could even be prison sentences for deliberate, or negligent, customer data leaks by individuals within an organisation.

Well managed organisations will see this as an opportunity to put in place an effective information security management system (ISMS), and become certified to the internationally recognised standard for information security management, ISO 27001.

What’s the most effective route to certification?
(more…)

We have established over the last few weeks that 2010 will see much tougher penalties for dpa non-compliance and a much more hostile regulatory environment.

As a counter-measure, and to help organisation meet the requirements of the DPA we have created the DPA Compliance Kit. This kit is comprehensive and walks you through all the steps necessary to achieve compliance cost effectively and in good time.

This PDA Compliance Kit contains all the tools for doing it yourself.

• DPA Compliance Assessment Tool;
• DPA Compliance Documentation Toolkit;
• Data Protection Compliance in the UK – Pocket Guide; &
• How to Survive a Data Breach – Pocket Guide.

(more…)

2010 will see the introduction of penalties unlike any seen before for breaching the Data Protection Act (DPA)!

• Fines of up to £500,000 will be levied by the ICO for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) expected to be issued each year by the ICO;
• Prison Sentences will be introduced for deliberate or negligent customer data leaks by individuals within an organisation;
• DPA compliance costs for UK organisation set to rise accordingly.

With the Information Commissioner’s Office (ICO) going through two government consultations and with new statutory powers to audit government departments, the data protection ragime in the UK has never looked so intimidating.
(more…)

In 2010 there will be two important compliance laws introduced which will affect the majority of North American organizations and many global organization too.

45 US States followed California when they introduced “SB1386“, the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements.

1. From the 1st January 2010, ALL businesses that collect or transmit payment card information, will be legally obliged, by Navada Law, to comply with PCI DSS.
2. Every organization who collect, owns or licenses personal information about a resident of the Commonwealth shall be in full compliance with 201 CMR 17.00 (The Massachusetts Data Protection Law) on or before March 1, 2010.

(more…)

The Information Commissioner’s Office (ICO) have launched a new Guide to Data Protection which aims to “provide businesses and organisations with practical advice about the Data Protection Act and dispel myths. The guide will help organisations safeguard personal data and comply with the law.” explained Christopher Graham, Information Commissioner.

This new guide will help organisations comply with the law and demystify data protection. Once you have read it, you will need make an assessment of your current level of compliance with the DPA.

Our DPA Compliance Assessment Tool will help you with this. It also provides recommendations and identifies guidance to help you close any gaps that are identified.
(more…)