[BreachExchange] Firms face £20million fines for losing your private data: Report also says firms' bosses should be penalised if businesses suffer a data breach

[Audrey McNeil]

http://www.dailymail.co.uk/news/article-3651445/Firms-face-20million-fines-losing-private-data-Report-says-firms-bosses-penalised-businesses-suffer-date-breach.html

Companies will face fines of up to £20million if they lose customers’
personal data in cyber-attacks.

A damning report by MPs called for watchdogs to be given the ability to
hammer firms in the pocket if they fail to safeguard sensitive information.

Bosses should also be penalised if their business suffers a data breach –
with their own pay and perks linked to effective online security, the
culture, media and sport select committee has said.

And criminals who hack and sell private information – including names,
addresses, phone numbers and bank details – should be jailed for up to two
years, according to the cross-party panel.

The far-ranging recommendations were included in a report, dubbed a ‘giant
wake-up call’, which was triggered by a series of huge data losses at
communications giant TalkTalk.

The reputation of the under-fire internet service provider, which has
around four million customers, took a battering after it was hacked last
October.

The company said about 160,000 people’s details were compromised, with the
financial information – bank sort codes and account numbers – of 15,000
customers being stolen.

Six arrests have been made, including three teenagers.

TalkTalk, which said the attack could cost it up to £35million in lost
sales and services, was blasted for its lax computer systems and being slow
to inform customers and the Information Commissioner’s Office about the
breach.

But research found 90 per cent of large organisations had suffered a
security breach, and 25 per cent of companies experience a cyber-attack
every month.

In the public sector, the NHS has the most breaches. Jesse Norman, Tory
chairman of the committee, said: ‘This is a giant wake-up call for the
industry because the TalkTalk hack showed that even very sophisticated
companies in the telecoms area were not invulnerable.

‘Failure to prepare for cyber-attacks and failure to inform and protect
consumers must draw sanctions serious enough to act as a real incentive and
deterrent.’

The report called for the Information Commissioner’s Office, Britain’s data
watchdog, to be given tougher powers, including the ability to fine firms
if they do not make it easier to verify whether online or phone messages
are genuine.

MPs said the ICO’s maximum £500,000 fine was ‘not a significant deterrent’
to huge companies. In 2018 the commissioner will be able to order fines of
up to £20million or 4 per cent of global turnover.

Information Commissioner Christopher Graham said ‘eye-watering’ fines would
make ‘big players sit up and take notice’.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160621/cf8aa370/attachment.html>