Of the 2,565 data breaches identified by the Information Commissioner's Office (ICO) since April 2010, "only 36 have resulted in a punishment--and only four have resulted in financial penalties," according to The Guardian. An ICO spokesman said getting organizations to comply with the Data Protection Act "isn't always best achieved by issuing organizations or businesses with monetary penalties." Just this week, the ICO announced breaches at Norwich City College and NHS Birmingham East and North. A Christchurch nurse was also found guilty of misconduct for inappropriate access of medical records. The ICO's acting head of enforcement said, "organizations have a legal responsibility to abide by the principles of the DPA."
If you want to comment on this post, you need to login.