Data Watchdog: Privacy Must Not Be An Afterthought

The ICO has released a new report which includes tools to help enterprises argue a business case for data protection

The UK’s Information Commissioner has called on businesses to put a value on personal information and invest in systems to protect it, or risk the legal or PR consequences.

The ICO released a report this week entitled “The Privacy Dividend” which the organisation says sets out a financial case for data protection.

“No organisation can neglect to protect people’s privacy. Not only is it the law, but there is also a hard-headed business imperative,” said Information Commissioner Christopher Graham. “This report provides organisations with the tools to produce a financial business case for data protection, ensuring privacy protection is hardwired into organisational culture and governance.”

According to the ICO, the report includes “practical tools” to help organisations prepare a business case for investing in privacy protection. These include “Calculation Sheets” to help companies assess the value of their personal information.

“Even though we have had data protection laws for 25 years, continuing privacy incidents, such as with well-publicised data losses, show that more still needs to be done to help ensure that personal information is properly protected,” said Graham. “Protection cannot be left to chance or be seen as doing only the bare minimum necessary to comply with the law; proper safeguards have to be built in from first principles, not bolted on inadequately as an afterthought.”

Last month a mortgage company was found in breach of the Data Protection Act by the ICO after accidentally emailing details of more than 15,000 customer accounts to a member of the public.

In January the ICO warned that businesses that do not own up to data breaches will face tougher action than those that come forward of their own volition. The ICO said that more than 800 data security breaches have been reported over the last two years. The ICO warns that companies that approach it voluntarily will still face some action, but those businesses which attempt to cover up security incidents will be hit with much tougher penalties.