If the unnoticed/unreported breaches are greater in quantity than the
reported ones maybe the OIC will still chose to pursue those which most
fit in with their direction, so who will be concerned?
Even so this particular action does seem at odds with the previous
strategy in a similar area — enforced subject access — where
amelioration or covert promotion illustrated the legal sectors main way
of dealing with that, to the extent it became endemic within many UK
sectors, in breach of European laws, and was actively promoted by US
and other external embassies.
It will be interesting to see how this develops over the next few
years.
Ian W
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of J.S.M.Whitaker
Sent: 06 March 2009 21:00
To: [log in to unmask]
Subject: Re: [data-protection] Firm selling data for years
Actually I got a rather different message from that session. The
impression which I got was that save where the breach was egregious,
they would still be looking to work with those who reported.
Obviously the crass, deliberate (or repeated) offenders might well not
go for notification but I think the rest (of us?) need have little to
fear.
I do agree that our organisations might need convincing of this. But
if you look at the numbers of breaches reported, they can’t go after us
all.
Regards
Jim
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Giles, Kevin
Sent: Friday, March 06, 2009 8:31 AM
To: [log in to unmask]
Subject: Re: [data-protection] Firm selling data for years
I was at the ICO’s conference in Manchester on Wednesday and they were
discussing their new powers there. Scariest one is the voluntary
notification of breaches which seems to have moved the goal-posts
considerably. When it was launched last year the ICO said that they
would not use voluntary notification as a way to beat down
transgressors but would look to provide them with help to overcome the
problem and guidance to go forward. Now the Info Security team are
saying that they will investigate all breaches and take action against
severe breaches regardless and, once the new powers under the C&J Act
come in, they will look to hefty fines and prison sentences where they
consider it appropriate.
Hands up now, who wants to voluntarily notify a breach under such
conditions?????
Kevin Giles
Information Compliance Advisor
The Glasgow Housing Association Ltd
Tel: 0141 274 6723
Fancy a job? - http://www.tiscali.co.uk/jobs/
__________________________________________
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|