A warning to the serially incompetent and the wicked

At last week’s Data Protection conference the new Information Commissioner – Christopher Graham – made his first public speech. With the title ICO: new powers, new funding and a new Commissioner it was certain to establish the direction we’d see the ICO taking for the next five years. The slides from the speech are available on the ICO’s web site (PDF), and the Commissioner didn’t disappoint.

All organisations need to be aware of the Commissioner’s new powers to fine those that breach the Data Protection Act. These powers come into force in April 2010. The good news is that the Commissioner still wants take a carrot-driven approach and help organisations to do the right thing, the ICO’s first reaction will always be to advise and assist.

However, the Commissioner was clear that he planned to use his new powers. The level of the fine has not been set by Government, and he’s lobbying for fixed fines with a maximum of “hundreds of thousands of pounds”. He anticipated that around 20 organisations – “ the serially incompetent and wicked”  – would feel his stick-based sanction in the first year.

If you’re concerned about how well your organisation complies with the Data Protection Act and how securely you look after the information you hold then there’s no better time for someone to have a look. I offer an integrated Information Security and Data Protection gap analysis that will show you just how well you’re doing, and suggest simple (and often low cost) ways to improve.

If you’d like to find out more then please call me on 020 8144 8456 or contact me. On the other hand if you are incompetent or just plain wicked then watch out — the ICO may still focus on the carrot-driven approach to compliance, but he’s about to get a really big stick that he intends to use.