Too Little, Too Late?
From: vnunet.com 16/11/07
UK Information Commissioner Richard Thomas has argued for much tighter data protection laws in Britain, insisting that those who lose data should end up in court.
Thomas told the Lords Constitution Committee that those who knowingly or recklessly flout data protection rules should be prosecuted and fined up to £5,000.
"If a doctor or hospital [employee] leaves a laptop containing patient records in his car and it is stolen, it is hard to see that as anything but gross negligence," Thomas told the Lords. "The Commission can currently issue enforcement notices, but these do not impose any element of punishment for wrongdoing." Thomas suggested that one-off cases should not be prosecuted, but that systematic abuse needs greater censure. He also proposed that companies should be inspected without warning for data security, rather than the current system which relies on consent.
Clearly something isn’t working with regard to the UK and its data protection. The current frequency of blunders such as the one seen with HMRC and the missing CDs is almost beyond belief. From banks dumping customers’ records in black trash bags and sticking them out on the street for collection to laptops containing valuable data being stolen nearly every other week, something in the data protection system is very clearly wrong. What’s more scary, perhaps, is that such stories which come to light might only represent the tip of the iceberg. Worst still is that without a substantial change in the law and the powers afforded to the Information Commissioner’s Office, there is little hope on the horizon that such ‘trainwrecks’ will become a thing of the past.