Poor governance at the heart of poor data security, says ICO

By Warwick Ashford

Failure to put existing security policies into effect is another common failing, said Smith, showing that people remain one of the biggest challenges to getting information security right.

Another common thread running through most data breaches both past and present is that personal data is not properly valued, he said, mainly due to a lack of proper management structures.

This all means that improving governance and accountability is still "absolutely key" for many public and private organisations, said Smith.

The ICO's new powers to impose fines up to £500,000 and conduct spot audits, which come into effect from 6 April 2010, will help get the message home, he said.

The ICO's mission will also be aided by other legislative changes, such as the possible introduction of a data breach notification law in the UK, said Smith.

"Within 18 months data breach notification will be required by law in the telecoms sector in line with EU directives and I can see this being extended across all sectors within three years," he said.

Custodial sentences for individuals found guilty of deliberately selling information or gathering information under false pretences are also a possibility, said Smith.

"The government is consulting on prison sentences for these types of data offences, but we are unlikely to see any new legislation before the general election," he said.

This story first appeared on www.computerweekly.com
