Technology news of note has been a bit slow of late, certainly in the InfoSec space. There is a general sense of anticipation around PSN and G-Cloud as the framework ITTs close, but that’s rather more aimed at my chums in Telco land. Additionally we’ve had RIM’s worst week for an age, as the network experienced a few ‘problems’. To most of us, it’s been a mixed blessing. On the upside, no Blackberry meant no email when on the move. On the downside, no Blackberry meant no email. Or at least until a job lot turns up at 5.13am.
But yesterday saw some stories filtering through about the ICO having a jolly good moan that his work is being blocked by organisations refusing to have an audit done. Ummmm. Well yes? We are all law abiding citizens, but who’s going to invite the local constable in to rake over our lives on the offchance they might find something unsavoury in the sock drawer? (Clearly I would do it, but I’m busy right now). And let’s face it, most NHS/Local Authority CEOs have rather a lot on their plate right now, so whilst having Mr Graham’s audit teams rampaging about the place is a laudable idea, it’s going to come a distant second when you’re faced with laying staff off or the unions out on strike.
I’ve said this before, but I’ll say it again: until the ICO office gets some serious powers, it’s going nowhere. Currently his range of fines is £0-500k, and he can’t just immediately dish out a 500k fine, as he’ll have nowhere to go when the next data breach comes along. So, right now, it’s a metaphorical slapped wrist and a mild chiding. And guess what, this isn’t about to change, despite him lobbying for a bigger stick. The reason is the same reason nobody gives a hoot about the environment/green issues right now. Unless polar bears start contributing tax dollars, they are pretty much on their own. And unless there is another mega-breach (I may copyright that phrase – paws off Microsoft) like HMRC, the ICO is not going to get a major increase in powers.
But there is a glimmer of hope for the ICO. David Cameron put InfoSec squarely on the map when Cyber got tier one status. And his rationale? Prosperity and growth. If the UK can demonstrate it is a safe place to do business, then we will attract investment, and therefore growth. So if the ICO can link data loss to this agenda (and it’s a reasonable argument) then he stands a better chance of getting his bigger stick. If it’s done on pretty much any other basis, then I think he’s in for a disappointing Autumn and Winter.