Coppers from the Coppers

Last week brought us a supposed landmark in the life of the ICO. They handed out the first fine to a Police Force, rapping Lancashire over the knuckles for losing some stuff, and having slapdash procedures. Bad Policemen. The resulting £70,000 fine will undoubtedly be paid for out of contingency cash, but at a time when Police funding is getting headlines for all the wrong reasons, one imagines somebody somewhere at Lancs Police HQ got an almighty telling off. Or you’d hope so…

So, all good right? Ummm. No. Because thanks to an FOI request made to it, it seems that in certain cases, actual fines levied by the ICO were less than that announced. In a rather interesting piece of work, asked for the actual fines paid by a number of organisations. Guess what? Some organisations got reductions, and some had huge amounts shaved off their fines, but ironically, in many cases the ICO refused to answer the question, stating:

“It is likely that disclosure of all the information you [] have requested would prejudice the monetary penalty process. It is important to point out that we do recognise that the cases you reference in your request are completed. However, we consider that the prejudice would occur to the overarching process and we have to be mindful of the possible prejudice to any future cases,”

The full article is here, and well worth a read.

It’s all a bit odd. The ICO are fining organisations (rightly) even though they are clearly in financial schtuck, then backing off the fines in some cases, and then refusing to explain why.

I think some more work is required here, as this doesn’t feel about right. Fines are supposed to be punitive. Fines are supposed to be a deterrent. Setting precedent whereby organisations no matter how cash strapped can reduce the already (relatively) low sums involved is unhelpful to say the least

I’d like to see bigger fines, and I’d like to see why organisations are getting off and the reasons why.

Good work


About Graeme Stewart, McAfee

I work for McAfee as Director of Public Sector Strategy and Relations, UK&I
This entry was posted in Compliance, Cyber, Data Breach, Data Breach Fine, ICO, Information Security, InfoSec, Legal, Police ICT, Security, Sophos and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s