If the news that the Information Commissioner’s Office has levied its first fines is supposed to scare people and organisations into being ethical, complying with the law, using common sense and following sensible IT security precautions, then I’m afraid the ICO is deluded.
Remember that the ICO is complicit in the mass privacy breaches by BT and Phorm in their secret and illegal testing. The ICO did nothing to prevent this from happening. The ICO now says that it doesn’t need technical expertise for its role. I say that is bulls**t. The ICO needs technical expertise as much as it needs legal expertise. Its abysmal perphormance in the Phorm phiasco proves that it does.
Back to the fines. A private company (A4e) and a local authority (Hertfordshire County Council) were fined £60,000 and £100,000 respectively.
Big fat hairy deal. Companies can be renamed. Local authorities are generally pretty faceless. Publishing the names of the people responsible for these breaches and fining them will make a far bigger difference.
What kind of signal does this send to the likes of BT and Phorm?
One that amounts to a 4-year-old trying to slap a 7ft tall man in the face with a defrosted shrimp.
As ever, the discussion at NoDPI highlights a few relevant facts about the ICO’s performance including one very important fact:
So far NOT A SINGLE LARGE INTERNET COMPANY HAS SUFFERED ANY PENALTY FOR EITHER DATA PROTECTION BREACHES OR ILLEGAL INTERCEPTION in the UK.
As I’ve written previously, will Christopher Graham have the balls to land a severe fine on Andrew Crossley?
Mr Graham, my cat is still interested in your job. He would be happy with a much lower salary than yours. In your place I’d be getting nervous, especially as he wants me to make a video about it.
Until you start taking on the big data protection offenders (BT, Phorm, TalkTalk et cetera) with serious action (and I don’t mean the “I have in my hand a piece of paper” crap you’ve done with Google) you will always lack credibility.
Talking of the ICO lacking credibility, word is out that TalkTalk’s “Virus Alert” system, which scans every website visited by TalkTalk users, is entering a testing phase. Comment #8 is well worth highlighting:
Worth pointing out also that the opt out will make no difference as your browsing habits will still be scanned. All that will not happen is that you will not get a pop up informing you of potential risk of virus infection.
So in real terms everyone is opted in to the scanning. They are only opted out of the choice to be informed of potential threats.
Hang on, that sounds like illegal interception to me.
Yes, it is illegal interception. Read this discussion and if you are a TalkTalk subscriber follow the instructions on how to get a MAC code for a new ISP. It seems that the ICO has approved this illegal scheme as well.
If you value your privacy, do not use TalkTalk.
The ICO, not standing up for your privacy rights. Incompetent, half-witted and gutless.