Latest News Headlines
Commercial Credit News
|Comment re: ICO Commissioner saying needing tougher penalties|
|Tuesday, 12 January 2016|
Comment from Esther George, Director of Cyber Crime and Prevention at 8MAN: “The comments from Information Commissioner Christopher Graham on the need for greater sentencing powers reveals the continued disconnect between the actions of cyber thieves and the punishment that they receive. There needs to be a move to ensure that the penalties given take into account the gravity of the situation.
"At present, most cases if handed to the police and Crown Prosecution Service (CPS), can be dealt with under Section One of the Computer Misuse Act 1990, which deals with unauthorised access to a computer and can result in a fine and imprisonment of up to six months. The ICO prosecutes under the Data Protection Act so they are limited to fines alone.
"However, we should be looking to prosecute offenders under Section 55 of the Data Protection Act. Currently this means that only fines can be imposed but the Secretary of State has the power to alter the penalty for an offence of unlawful obtaining data which will give judges greater sentencing powers, including longer imprisonment. This hasn’t happened yet and therefore lighter penalties are given. It is no surprise that cyber crime continues to rise with low fines acting as the only deterrent.
"More importantly though is the need for much greater education within organisations as to how to handle these incidents, who they inform and what they should do to prevent them in the first place. For many organisations they presume that if data is lost that they should go to the ICO, who then run their own investigation and prosecute. This means that the police and CPS aren’t even aware or are able to impose tougher sanctions. Education must take place into what policies and procedures are needed to prevent these incidents, when they should go to the police versus the ICO and what information needs to be provided to build a solid case for prosecution under the Data Protection Act. Only with tougher penalties will we deter cyber criminals.”
Comment from Philip Manning, Non-Executive Director at 8MAN: “Cyber protection is about much more than just implementing a solution. Organisations need to be in the mindset of prevention is better than being reactive and that is a much bigger issue and challenge than should be sitting in the Risk or IT teams of a business. The fine of £1,000 for stealing 28,000 pieces of sensitive data, as referenced by Christopher Graham, is minimal compared to the greater damaging effect it could have on a company in terms of financial harm on share prices or loss of reputation. The responsibility for addressing how a company can prevent and deal with breaches needs to lie with the CEO. All too often companies focus all its attention on the external threats when the reality is that internal threats actually pose the biggest risk to a business, and can be the easiest one to address. By preparing and, crucially, enforcing policies and procedures that clearly outline the boundaries to which employees can access data and the resultant actions should they breach this trust, it ensures that the importance of data protection is upheld throughout the organisation.”
Forums International Ltd
Attendance at your first meeting is free of charge, and please quote reference 'CCR2016' to receive the special 10% discount off of your first annual subscription.
Find out more here.
The latest edition of CCR Magazine, the leading editorial publication in the UK credit industry, is out.
CCR is the premier magazine for consumer and credit professionals. It provides an independent voice to the industry, breaking major news stories and running in-depth features.
As a magazine, it works with and campaigns on behalf of the credit industry to promote its importance as a centre of potential profit and business development to the wider business world.
Providing information and analysis for thousands of senior credit professionals worldwide, every quarter.
GTS Media Ltd
81 Cambridge Road
Registered in England No: 05483197