Recently the Information Commissioner’s Office (ICO) warned that businesses could face tough fines if they do not put processes in place to keep personal information secure.
A spokesperson, David Evans, commented that “companies are not taking it [data protection] very seriously,” and he went on to say that any business found to be lacking in information security could expect to get a rude wakeup call with a maximum fine of £500,000.
Companies were also called upon to invite the ICO into their businesses to review their processes, with a promise that in these instances no fines will be levied if a breach in security is found.
Evans talked about how a major security breakdown at Lush, the online retailer for cosmetics, had set off alarm bells for the ICO. Lush had failed to put in place even basic information security processes, and following a cyber attack around 5,000 personal credit card details were stolen.
Lush responded well by admitting their security breach to customers and putting in place robust security. They avoided penalties by publicly announcing the security failure.
As a warning to others, Evans advised that those in information security jobs needed to be vigilant and precise in their working practices. They also need to be able to adapt to the dynamic nature of cyber security. As a result, recruitment in the areas of risk management and security is likely to continue to grow as more companies become more accountable to their customers and face the need to protect personal data.