Come on - another fine. Not saying that it's right for companies to be careless with data, but is there no other way to get a point across without a fine? It's just a money-making exercise as shown in detail here: http://www.infoseccynic.com/2010/04/06/ico-on-a-nice-little-earner/

Resorting to punitive measures, such as fines, represents a sad day in the history of information security. Alas, the repeated examples of lax corporate and public sector security awareness and compliance have made it an unfortunate necessity.
Lax data security processes are not confined to the private sector. TK Maxx, Nationwide Building Society and Cotton Traders are just a few examples of enterprises that have suffered a data loss or theft, but can immediately be matched by failures within the public sector at HM Revenue and Customs, the NHS, the Ministry of Defence, to name just three.
Increased regulation and public expectation over the safety of data poses challenges for the IT department and for those responsible for security policy and training. These challenges are amplified by the real threat of a large fine or other legal sanctions. Some businesses, particularly in vertical sectors such as financial services that are already heavily regulated in relation to data protection, often find themselves struggling to stay on top of the latest regulations and requirements.
Failure to stay on top of these rapidly evolving legal requirements can quickly develop into malaise, and this is where security problems occur. The sizable fines the Information Commissioner’s Office can now impose will hopefully deter organisations of all types from falling behind on data security.
However, if past instances of data loss and theft teach us anything, it is that regulation alone will not solve the problem. Such measures must be aligned with an overall government effort to encourage and build a culture of security best practice and common sense, underpinned by solid technologies that can deliver the level of security required by law and able to cope with emerging threats and the changing ways in which we work.

Anyone else here reading “I.T. WARS”? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, policies, and so on. Just Google “IT WARS” – check out a couple links down and read the interview with the author David Scott. (Full title is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium”).

And do it properly, not a fine. If directors don't do their job and people end up dying (like train crash deaths due to poor maintenance) then those directors and maintenance people should go to jail.

A fine for data loss is ok, is might spur some software/hardware makers into making something that auto-encrypts everthing without hassle.

But if you really want to spur things along then bringing in a max 2 year prison sentence for data loss would really jump start the encryption market!

If you're going to lose Top Secret data on a laptop, then you do need a spell in prison as does your boss, his boss etc up to the top.

Time that Kingston sued the Government then for £500,000 plus expenses as UK Govt certified encryption used to protect these drives proves to be rubbish. Britain's lack of Government based data security could be a serious threat to the US and others.

As already disclosed many times via the media, the Data the Government does have is very loosely guarded. Laptops left in public places, CD discs, DVD Discs, and Pen Drives left in public places.

To cap it all they still want to store more of our private and personal data. We read that there is a sell off of our private and confidential files, read story here: http://tinyurl.com/y85asqc

With this Governments obsession collecting and storing as much of our private and confidential details it is therefore alarming to discover that UK Govt certified encryption used for protecting these ‘Kingston Pen Drives’ is pretty well useless story link below.
http://tinyurl.com/yevfhqz

Signed Carl Barron Chairman of agpcuk

http://carl-agpcuk.livejournal.com/

About bloody time too, but the £500,000 limit is way too low.

There are many large companies for whom this amount would be a drop in the ocean.