Tim
Council tax payers need to be aware of this situation to put pressure on their councils. This is the transparency agenda in another form leading to accountability. The fines show that the council has to be accountable to the regulators and indirectly the council tax payer.
The reason why an appeal is the fact that the same breach occurred in 2 weeks with equally sensitive material. Do you really want to have a public appeal to keep revisiting these arguments? (Haringey shows that the best defence is not a good offence if you are in the wrong (if you heard the interview on BBC radio 4 PM you will know what I mean). It is like blaming the referee. They did not score the goal or create the penalty and they certainly were not playing the 90 minutes against you.
I would advise accepting the fine as graciously as possible and quietly go about fixing the issue. The only time to appeal is if there is something manifestly and demonstrably wrong enough for you to endure 2 - 3 news cycles fighting it. Even then it may be better to take the hit and be ready for next time by showing the regulator that you can grin and bear it.
The regulator will not go into this lightly and an appeal simply ratchets up the pressure on them to defend and prosecute their case.
As to why there is no discussion, a number of factors are in play. One is as Jonathan says "there but for the grace of God". Human nature what it is, errors are made, means we all have our own burdens that may be heavier rather than lighter.
Second professional courtesy. These are our colleagues and dissecting them public is tough on them and ourselves. I certainly do not want to revisit their errors. I want to learn from it and help my council. Any investigation by other list members may be better in private rather than public.
Third, no one should underestimate the power of this negative publicity. I met a corporate officer from Haringey 9 months after the event. The officer was not in that service but they were visibly shaken by the mere mention of it and the fact that they had to say their council's name. To be sure the cases are different in degree, but the negative publicity is powerful.
What will be of interest will be the 2nd and 3rd cases as those councils and organisations will have had the opportunity to learn from this. In a sense this is the chicken and monkey situation. It is best to learn what not to do and take this as a golden opportunity to drive the message home.
How many corporate directors or heads of service are going to suggest that they can avoid data protection issues and run the risk of a breach? This is real and the stakes are high in that 100k is 2-3 jobs . Who really wants to be responsible for that in their council?
I think that at the next dp training and awareness session people will be paying attention and thinking this through.
Best
Lawrence
------Original Message------
From: Tim Trent
To: Data Protection list
ReplyTo: Tim Trent
Subject: Re: [data-protection] First DP Fines for breaches announced
Sent: 24 Nov 2010 17:37
Am I strange in wondering why this gets so little comment from us? The day truly is a milestone. Our dear old Chihuahua has suddenly shown us that it has a bite that can hurt. There could be huge ramifications from this. He could generate sufficient monetary penalty revenue to subsidise Iceland as well as Ireland! How "fair" is it that Council Tax payers have to meet a fine? Is it fair to fine governmental organisations like this? Is it just moving money around for no real purpose? Who gets the money? On 24 Nov 2010, at 07:08, Clare Watts wrote: http://www.bbc.co.uk/go/rss/int/news/-/news/uk-11821203 Just in case you haven't heard the first fines have been announced. £100,000 for a council faxing incident and £60,000 for a lost unencrypted laptop by a private firm. Regards, Clare Watts FCE Bank plc Tim Trent - Consultant Tel: +44 (0)7710 126618 web: ComplianceAndPrivacy.com - where busy executives go to find the news first personal blog: timtrent.blogspot.com/ - news, views, and opinions personal website: Tim's Personal Website - more than anyone needs to know
Important: This message is private and confidential. If you have received this message in error, please notify us and remove it from your system. This email and any attachment(s) are believed to be virus-free, but it is the responsibility of the recipient to make all the necessary virus checks. This email and any attachments to it are copyright of Meadowood Associates, owners of Compliance And Privacy, unless otherwise stated.
Lawrence W. Serewicz
Principal Information Management Officer
Room 4/140
Durham County Council
DH1 5UF
0191-372-8371
Help protect our environment by only printing this email if absolutely necessary. The information it contains and any files transmitted with it are confidential and are only intended for the person or organisation to whom it is addressed. It may be unlawful for you to use, share or copy the information, if you are not authorised to do so. If you receive this email by mistake, please inform the person who sent it at the above address and then delete the email from your system. Durham County Council takes reasonable precautions to ensure that its emails are virus free. However, we do not accept responsibility for any losses incurred as a result of viruses we might transmit and recommend that you should use your own virus checking procedures.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|