Private companies can expect more ICO fines, regulator warns
David Evans, ICO group manager for business and industry, admitted "companies are not taking it [data protection] very seriously," and warned he planned to make an example of any future culprits in the private sector by imposing a monetary fine of up to £500,000.
Speaking at the European Community Meeting of the PCI Security Standards Council in London this week, Evans conceded that the ICO has so far mostly avoided using its powers to impose monetary penalties. Only a few local councils have received ICO fines.
But Evans said the security breach at online cosmetics retailer Lush last year had been "a wake-up call" for the ICO. In that case, the company had failed to implement basic security measures, and in turn, its website was subjected to a malicious intrusion, potentially compromising approximately 5,000 customer credit card records.
However, following the breach, Lush admitted the mistake, communicated openly with customers and added strong security measures, including putting its card processing out to a PCI DSS-compliant payment service provider. As a result of those actions, the company avoided a fine and was merely obliged to make a public admission of guilt and an undertaking to do better in the future.