I think the interesting part of this is how to prevent the sending of data whether by email/fax or however which is the result of a simple number transcription error or fat-fingering. My first thought is white-listing but it's going to be a PITA to set up and get every one to use.
Where does the fine on the council go? It should be used by an gov run department to alter the councils processes or equipment to prevent the error reoccurring the measures being applied across all gov depts carrying such sensitive info; I'm going to guess it won't be.
I don't know whether to laugh or cry. I would hope that too if only experience didn't lead so strongly away from such a conclusion. At best the person responsible will get a golden handshake [huge pay off to leave].
What I would expect to happen is this would result in the need for further executive level training for the relevant managers, which probably happens at some nice country house hotel for a week or so.
Once they have passed this course they will probably get a bonus for completing extra training.
The carrot and stick are in the wrong place. It's the individual that needs to be fined (obviously not £100,000 though, just an amount that will make them cry and inconvenience them somewhat). You can bet they won't make that mistake twice.
Companies just factor in fines as the cost of doing business.
At least in this case the money is moving from the council back to the central government. If you think making this point is useless, consider these two councils:
"In one case, Islington Council not only issued a parking ticket to itself, but then pursued itself at the Parking Adjudicator and then asked for costs against itself. "
"SOLICITORS working for Aberdeen City Council have been told the authority will be able to go ahead with legal action against itself over the closure of a city homeless hostel."
A fine on this sort of thing seems like the wrong message. The breaches will happen whether there are fines or not, the fines just make people less likely to report it which makes it harder to do things like obtain "a court injunction prohibiting any disclosure of the facts of the court case."
This law looks good in the media but doesn't help people's information stay safe.
11 comments
[ 2.9 ms ] story [ 33.4 ms ] threadWhere does the fine on the council go? It should be used by an gov run department to alter the councils processes or equipment to prevent the error reoccurring the measures being applied across all gov depts carrying such sensitive info; I'm going to guess it won't be.
Once they have passed this course they will probably get a bonus for completing extra training.
Companies just factor in fines as the cost of doing business.
"In one case, Islington Council not only issued a parking ticket to itself, but then pursued itself at the Parking Adjudicator and then asked for costs against itself. "
http://www.timesonline.co.uk/tol/money/consumer_affairs/arti...
And
"SOLICITORS working for Aberdeen City Council have been told the authority will be able to go ahead with legal action against itself over the closure of a city homeless hostel."
http://www.pressandjournal.co.uk/Article.aspx/1577294
They should really check the numbers before sending out confidential information. Which boils down to my earlier statement.
This law looks good in the media but doesn't help people's information stay safe.