IT Governance Blog on IT governance, risk management, compliance and information security.

Purchase this Complete Data Protection Toolkit by Friday 19th February get a free copy of Data Breaches: Trends Costs and Best Practices - Worth £195!

Penalties for non-compliance are expected to be:

• Fines of up to £500,000 for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) are expected to be issued each year by the ICO;
• Prison sentences for deliberate, or negligent, customer data leaks by individuals within an organisation;
• DPA compliance costs are set to rise accordingly for UK organisations.

These penalties will be enforceable by the Information Commissioner’s Office (ICO) from 6th April 2010!

It’s now more important than ever that you meet the requirements of the DPA. There is a narrow window of opportunity for organisations to review their privacy practices and information governance in order to prepare for what will be the much more hostile regulatory environment to come.
(more…)

In a January blog post titled DATA PROTECTION: Act now or pay the price, I outlined the penalties which the Information Commissioner’s Office (ICO) will introduction for breaches of the data protection act (DPA) 1998.

The penalties expected are likly to be:

• Fines of up to £500,000 for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) are expected to be issued each year by the ICO;
• Prison Sentences for deliberate or negligent customer data leaks by individuals within an organisation;
• DPA compliance costs are set to rise accordingly, for UK organisations.

I went on to stress that there is now a narrow window of opportunity for organisations to review their privacy practices and information governance in order to prepare for what will be the much more hostile regulatory environment to come.

How are you getting on?
(more…)

Every organization who collects, owns or licenses personal information about a resident of Massachusetts will have to be in full compliance with 201 CMR 17.00 on or before March 1, 2010.

The term “personal information” is defined so broadly that nearly every Massachusetts business must comply with the regulations.

Specifically, personal information is defined as an individual’s name, accompanied by one or more of the following:

• Social Security number,
• driver’s license,
• state ID number, or
• financial account number (bank accounts, credit cards).

It is hard to imagine any Massachusetts businesses that do not handle or maintain personal information!
(more…)

Pre-Order this concise guide and learn how to manage risk in the cloud!

Pre-order this book using Voucher Code: “cloud2010” to save 10%!

• Pre-order the Softcover;
• Pre-order the eBook.

Cloud Computing will bring many benefits to organisations, some of which include reducing operating costs, reducing power consumption and freeing you up to focus on your core business.

The concept of shifting computing to a shared service provider is not new. What may be new is that the cost of Cloud Computing is falling so dramatically that considering outsourcing to the Cloud is no longer rare, and it is now accessible enough that any individual or organisation can use it to their advantage.
(more…)

Act Now – Buy the Complete Data Protection Toolkit

“The Information Commissioner’s Office (ICO) will be able to order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act,” said an ICO statement. “The ICO has produced statutory guidance about how it proposes to use this new power, which has been approved by the Secretary of State for Justice, and was laid before Parliament earlier this week.”
(more…)

At this moment in time, the Information Commissioner’s Office (ICO) are going through two Government consultations which will see the introduction of new penalties, unlike any seen before, for breaches of the data protection act (DPA) 1998. The ICO have also been granted new statutory powers to audit government departments.

The data protection ragime in the UK has never looked so intimidating!

What penalties are likely to be available to the ICO?
(more…)

Leading internet solutions provider Foreshore has become the first Channel Islands datacentre to have attained Payment Card Industry Data Security Standard (PCI DSS) Level One service provider compliance – recognised as the global industry standard for payment account data security.

The cost of online fraud to individuals and businesses is measured in billions every year, with the UK suffering an estimated 20%* of all global ‘phishing’ attacks. Data security is now a top priority for the finance and e-commerce industries and service providers with this accreditation can only add to Jersey’s reputation as a data secure jurisdiction.
(more…)

The data protection regulatory environment is about to become far more hostile and intimidating as the Information Commissioner’s Office will gain extra powers in 2010.

The planned new penalties are of unprecedented severity. From April 2010, the ICO expects to impose 25 monetary penalty notices every year for breaches of the DPA. Those fines could be as much as £500,000 each for serious contraventions. Any company, or organisation, failing to take reasonable measures to comply will be in the firing line. There could even be prison sentences for deliberate, or negligent, customer data leaks by individuals within an organisation.

Well managed organisations will see this as an opportunity to put in place an effective information security management system (ISMS), and become certified to the internationally recognised standard for information security management, ISO 27001.

What’s the most effective route to certification?
(more…)

We have established over the last few weeks that 2010 will see much tougher penalties for dpa non-compliance and a much more hostile regulatory environment.

As a counter-measure, and to help organisation meet the requirements of the DPA we have created the DPA Compliance Kit. This kit is comprehensive and walks you through all the steps necessary to achieve compliance cost effectively and in good time.

This PDA Compliance Kit contains all the tools for doing it yourself.

• DPA Compliance Assessment Tool;
• DPA Compliance Documentation Toolkit;
• Data Protection Compliance in the UK – Pocket Guide; &
• How to Survive a Data Breach – Pocket Guide.

(more…)

2010 will see the introduction of penalties unlike any seen before for breaching the Data Protection Act (DPA)!

• Fines of up to £500,000 will be levied by the ICO for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) expected to be issued each year by the ICO;
• Prison Sentences will be introduced for deliberate or negligent customer data leaks by individuals within an organisation;
• DPA compliance costs for UK organisation set to rise accordingly.

With the Information Commissioner’s Office (ICO) going through two government consultations and with new statutory powers to audit government departments, the data protection ragime in the UK has never looked so intimidating.
(more…)