Actually I got a rather different message from that session.  The impression which I got was that save where the breach was egregious, they would still be looking to work with those who reported. 

 

Obviously the crass, deliberate (or repeated) offenders might well not go for notification but I think the rest (of us?) need have little to fear.

 

I do agree that our organisations might need convincing of this.  But if you look at the numbers of breaches reported, they can’t go after us all.

 

Regards

 

Jim

 

 

I was at the ICO’s conference in Manchester on Wednesday and they were discussing their new powers there. Scariest one is the voluntary notification of breaches which seems to have moved the goal-posts considerably. When it was launched last year the ICO said that they would not use voluntary notification as a way to beat down transgressors but would look to provide them with help to overcome the problem and guidance to go forward. Now the Info Security team are saying that they will investigate all breaches and take action against severe breaches regardless and, once the new powers under the C&J Act come in, they will look to hefty fines and prison sentences where they consider it appropriate.

 

Hands up now, who wants to voluntarily notify a breach under such conditions?????