Data Protection Shakeup

January 3, 2008

Today an influential group of MPs has said that breaches of the Act should carry custodial penalties (here). Is this really the answer?

It has long been understood within the world of information security that the majority of mitigations are put in place after the 'event' has happened and loss has been incurred. Amendment of section 60 via the upcoming Criminal Justice and Immigration Bill looks like the likely way it will be done. This does seem similar to the way that Sarbanes-Oxley section 404 and the payment card industry (PCI) brought the need for firewalls, antivirus and security patching into mainstream IT. It sharpened the mind when penalties ranging from custodial sentencing to large fines were brought in and, more critically, the executive was made accountable.

However, it seems that this type of amendment was mooted a while ago (link).


