The UK has crossed the Rubicon in data protection, and regulation will only get tougher from now on, says a data protection and privacy lawyer.
"We are in a regulatory bear market," said Stewart Room, partner at Field Fisher Field Fisher Waterhouse.
This means all regulators, not just the Information Commissioner's Office (ICO), but also the media and the public feel pessimistic about the ability of organisations to keep data confidential, he said.
Regulators also appear to have lost confidence in the law's ability to deal with the problem and in their own standing within the community, which all contributes to a regulatory bear market, said Room.
As a result, he predicts UK organisations will see a lot more new policy around data protection as the ICO and other regulators move from a light to a heavy-touch approach.
The ACS Law data breach is the most visible case of data security failures right now, and the ICO is under a lot of pressure to demonstrate the toughest action possible, said Room.
"This can happen to any organisation that suffers a data breach," he said, and serves as a good reminder of the potential consequences of not having adequate data protection policies, procedures and technologies in place.
Another good reminder, he said, is Zurich Insurance's loss of 46,000 customer records.
In August, the Financial Services Authority (FSA) fined Zurich £2.27m, which works out at more than £100 a record when all costs are added up, said Room.
These cases, he said, are important reminders for organisations to learn from the ICO's enforcement notices over the past two to three years, learn from the mistakes of others, and get their data protection house in order.