IT Governance Blog on IT governance, risk management, compliance and information security.

• Does your organisation comply with the DPA?
• Do you want to avoid fines and censure for data breaches?
• How do you manage personal data legally and effectively?

This interactive and enjoyable one-day course gives both new and experienced staff and management – those involved with or responsible for personal data – an oversight of what the Data Protection Act means to their business also to their own rights as an individual.
(more…)

Purchase this Complete Data Protection Toolkit by Friday 19th February get a free copy of Data Breaches: Trends Costs and Best Practices - Worth £195!

Penalties for non-compliance are expected to be:

• Fines of up to £500,000 for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) are expected to be issued each year by the ICO;
• Prison sentences for deliberate, or negligent, customer data leaks by individuals within an organisation;
• DPA compliance costs are set to rise accordingly for UK organisations.

These penalties will be enforceable by the Information Commissioner’s Office (ICO) from 6th April 2010!

It’s now more important than ever that you meet the requirements of the DPA. There is a narrow window of opportunity for organisations to review their privacy practices and information governance in order to prepare for what will be the much more hostile regulatory environment to come.
(more…)

In a January blog post titled DATA PROTECTION: Act now or pay the price, I outlined the penalties which the Information Commissioner’s Office (ICO) will introduction for breaches of the data protection act (DPA) 1998.

The penalties expected are likly to be:

• Fines of up to £500,000 for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) are expected to be issued each year by the ICO;
• Prison Sentences for deliberate or negligent customer data leaks by individuals within an organisation;
• DPA compliance costs are set to rise accordingly, for UK organisations.

I went on to stress that there is now a narrow window of opportunity for organisations to review their privacy practices and information governance in order to prepare for what will be the much more hostile regulatory environment to come.

How are you getting on?
(more…)

Act Now – Buy the Complete Data Protection Toolkit

“The Information Commissioner’s Office (ICO) will be able to order organisations to pay up to £500,000 as a penalty for serious breaches of the Data Protection Act,” said an ICO statement. “The ICO has produced statutory guidance about how it proposes to use this new power, which has been approved by the Secretary of State for Justice, and was laid before Parliament earlier this week.”
(more…)

At this moment in time, the Information Commissioner’s Office (ICO) are going through two Government consultations which will see the introduction of new penalties, unlike any seen before, for breaches of the data protection act (DPA) 1998. The ICO have also been granted new statutory powers to audit government departments.

The data protection ragime in the UK has never looked so intimidating!

What penalties are likely to be available to the ICO?
(more…)

We have established over the last few weeks that 2010 will see much tougher penalties for dpa non-compliance and a much more hostile regulatory environment.

As a counter-measure, and to help organisation meet the requirements of the DPA we have created the DPA Compliance Kit. This kit is comprehensive and walks you through all the steps necessary to achieve compliance cost effectively and in good time.

This PDA Compliance Kit contains all the tools for doing it yourself.

• DPA Compliance Assessment Tool;
• DPA Compliance Documentation Toolkit;
• Data Protection Compliance in the UK – Pocket Guide; &
• How to Survive a Data Breach – Pocket Guide.

(more…)

2010 will see the introduction of penalties unlike any seen before for breaching the Data Protection Act (DPA)!

• Fines of up to £500,000 will be levied by the ICO for serious contraventions of the DPA;
• 25 Monetary Penalty Notices (MPNs) expected to be issued each year by the ICO;
• Prison Sentences will be introduced for deliberate or negligent customer data leaks by individuals within an organisation;
• DPA compliance costs for UK organisation set to rise accordingly.

With the Information Commissioner’s Office (ICO) going through two government consultations and with new statutory powers to audit government departments, the data protection ragime in the UK has never looked so intimidating.
(more…)

• Reports are being investigated of a major credit card scam in Spain;
• Two suspected computer hackers have been arrested in Manchester in a major inquiry into a global internet scam designed to steal personal details;
• The personal details of 817 E.On customers have been disclosed in error.;
• T-Mobile staff sold personal data.

These are just a few headlines from the press this week!

The Information Commissioner, Christopher Graham, is highlighting new evidence which shows that a deterrent custodial sentence is required to stop the trade in unlawful personal information. Christopher Graham is responding to the government’s proposal to introduce a custodial sentence for breaches of Section 55 of the Data Protection Act from 1 April 2010.
(more…)

• 711 organisations across the public, private and third sectors have reported security breaches to the ICO since 25 million child benefit records went missing two years ago this month;
• 231 of these involved theft;
• Several organisations have signed formal Undertakings to step up security at premises to ensure that people’s personal details are adequately protected;
• Over 200 private sector firms have reported breaches to the ICO and 209 NHS bodies, which tend to hold some of the most sensitive personal data such as health records, have identified breaches.

Since November 2007 the Information Commissioner’s Office (ICO) have taken action against 54 organisations for the most reckless breaches.

Some of these breaches would trigger a significant fine for organisations were they to occur after the introduction of monetary penalties in 2010.

The Ministry of Justice is considering allowing the ICO to impose fines of up to half a million pounds in the most serious cases.

On top of its new powers from 2010, the ICO will also be increasing its auditing role to ensure greater compliance with the Data Protection Act and new powers contained in the Coroners and Justice Bill would give the ICO formal inspection powers across government.
(more…)