Sinking your teeth into data security

The Information Commissioner’s teeth will be delivered in the next couple of months. Regular readers will recall that last year saw intense lobbying by the ICO to be give far stronger powers to prosecute breaches of the Data Protection Act.

The Government gave in. It was rather on the back foot, having lost data with the same regularity that its MPs submitted expenses claims. So new legislation was drawn up which significantly enhances the ability of the ICO to punish those who do not take their data responsibilities seriously.

A major element of these new powers will be the ability to impose civil penalties on companies that have lost personal information. Previously, the ICO had to make a criminal case. So many more company directors could be facing up to the threat of paying for data security breaches.

How many? Any number greater than zero is likely to be an accurate estimate because there has been no regular tracking or obligation to report on such losses before. When they have become visible, it has often been a pre-emptive announcement by a company to mitigate customer concerns about their data.

What is not clear is whether the threat of fines will increase the number of such losses we are aware of or reduce them. After all, directors may decide that, if they own up, they could get hit with a fine (and may also face civil liabilities towards the data subjects), so it is better to keep quiet and hope not to get found out.

It is to be hoped that these new powers will lead to a reduction in actual data losses, whether we learn about them or not. Any organisation that is in posession of sensitive personal information – which effectively means every organisation that has computing technology – needs to be taking data security seriously.

This concern has been a long time in coming. It took 18 years for the opt-out to be added to the edited Electoral Roll, giving consumers the same rights they enjoyed in every other situation when they had to provide their personal information. It has taken 24 years for data breaches to be recognised and punished.

The assumption by many companies seems to have been that, if customers want to do business with them, surrendering control over their data is part of the deal. IT departments have concentrated on getting that data into the systems that need it. Directors have barely thought about the fact they may have other responsibilities.

Now the balance is swinging back towards the data subject – and so it should. After all, while the organisation might get fined and suffer damage to its reputation, that is as nothing to having your bank account or even identity hijacked.

Sometimes, the only thing you can do is to hurry up and wait.

Latest from Marketing Week


Access Marketing Week’s wealth of insight, analysis and opinion that will help you do your job better.

Register and receive the best content from the only UK title 100% dedicated to serving marketers' needs.

We’ll ask you just a few questions about what you do and where you work. The more we know about our visitors, the better and more relevant content we can provide for them. And, yes, knowing our audience better helps us find commercial partners too. Don't worry, we won't share your information with other parties, unless you give us permission to do so.

Register now


Our award winning editorial team (PPA Digital Brand of the Year) ask the big questions about the biggest issues on everything from strategy through to execution to help you navigate the fast moving modern marketing landscape.


From the opportunities and challenges of emerging technology to the need for greater effectiveness, from the challenge of measurement to building a marketing team fit for the future, we are your guide.


Information, inspiration and advice from the marketing world and beyond that will help you develop as a marketer and as a leader.

Having problems?

Contact us on +44 (0)20 7292 3711 or email

If you are looking for our Jobs site, please click here