Information Commissioner, Christopher Graham, said: It is difficult to imagine information more sensitive than that relating to a child sex abuse case. I am concerned at this breach not least because the local authority allowed it to happen twice within two weeks. The laptop theft, while less shocking, also warranted nothing less than a monetary penalty as thousands of peoples privacy was potentially compromised by the companys failure to take the simple step of encrypting the data.
A strong message
These first monetary penalties send a strong message to all organisations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business. You could also be fined up to half a million pounds.
But there is a bigger picture issue here too. Are such fines, levied against government or private bodies, likely to be paid by the organisations concerned, inflicting penalties on taxpayers and stock holders, rather than the individuals who made the actual mistakes?
This hardly seems fair to taxpayers and stockholders, but some might say fining the individual public servants or employees is harsh too. But, how else can the message of the importance of protecting private data be hammered home?
I wonder how governments in Singapore, Malaysia and Hong Kong would handle such incidents today?
What do you think? Should organisations pay, or should the individuals who caused the breach?
Ross O. Storey, currently the Managing Editor of Fairfax Business Media Asia, is responsible for the editorial content and production of MIS Asia, CIO Asia, Computerworld Singapore and Computerworld Malaysia magazines.
Sign up for CIO Asia eNewsletters.