UK companies could face fines for poor data-leak prevention
Contributed by Roumiana Deltcheva
(Friday, November 05, 2010)
UK companies that fail to practice proper data-leak prevention could face steep fines in the coming months, according to recent comments made by Information Commissioner Christopher Graham.
Speaking at the public sector publisher's conference, Graham said he plans to use the teeth given to data protection laws earlier this year. Citing the 2007 data breach suffered by HM Revenue and Customs, which exposed the confidential information of 25 million people, Graham said similar incidents will face the "max penalty." He called the HMRC breach "the horror benchmark."
Graham said companies can learn from HMRC's poor data-leak prevention. He added that the ICO will consider a company's size when levying fines and sanctions.
Healthcare is one of the UK's hardest-hit industries in terms of data loss. Graham said the National Health Service has suffered 377 incidents, which is 30 percent of the 1,254 breaches reported to date.
Google may be one company on Graham's radar for fines. The ICO recently said Google's collecting of personal data through the cars used to map its Street View technology constituted a "significant breach" of the Data Protection Act. The ICO will now audit Google's data-leak prevention practices.