It is quite possible that the Information Commissioner was somewhat cheered by the recent fresh revelations about the extent of the privacy breach by Google’s Street View cars.
The Information Commissioner’s Office talks tough about data breaches, and has fought for the right to impose tough penalties on the culprits. While the ICO would prefer the power to send people to prison, it did get the right, early this year, to impose fines of up to £500,000 on those who leak private data, snoop, or retain it inappropriately.
But in reality, nothing has happened. At least, nothing visible. Thare have been no fines for data breaches since the ICO got the power to impose them. And this is a period when there have been some spectacular losses of data.
The problem may be partly the identity of the organisations at fault. A hospital lost patient details on a USB stick, and a medical recruitment agency exposed doctors’ details. In both cases, the breach was real, and the ICO surely evaluated whether to request that the culprit be fined.
The problem is, those organisations were involved in the NHS – and it seems healthcare is actually one of the worst places for losing data. Fining an NHS organisation would divert money away from doctors and patients, and put that money in a different public pocket, at a time when cuts are making things hard for everyone in the public sector.
Fining a public body would be a defensible move. It could certainly be argued that the current slack attitude to data protection would sharpen up markedly once someon – anyone – got caught up and brought to book.
But it would also be a public relations problem. The ICO would be seen as vindictive and legalistic.
So the ICO has a problem. Either it is seen as toothless for not invervening, or it could get bad press if it seized money from a public sector body already feeling the squeeze.
What it needs, it could be arguned, is a big commercial body. Preferably one without too much public support, but certianly one with a s big a profile as possible.
If the ICO wants to make an example of someone, it should be someone everyone has heard of, to get maximum publicity), and someoone everyone is suspicioius of to get the minimum backlash. It should also be someone who can afford to pay up without too much complaint, if the charges stick.
For all these reasons, Google would be the perfect target for the ICO’s first privacy breach suit. £500,000 would be a fleabite to it, given it paid £8.5 million for a few people whose privacy was breached by Google Buzz.
Paying up could also be good publicity for Google. It has a disappointing tendency to try and shirk responsibility for its failings. Paying a fine to the ICO would show it taking the rap and acting maturely. The publicity might even be worth more to Google than the fine
So, while we are sure the ICO does not like to hear about data breaches that compromise the privacy of UK citizens, in this case the news could have a bright side.
Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…
Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…
OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…
New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…
US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…
Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…