Latest Blog Posts

Focus on 2012: 5 key areas in Enterprise IT

(19 December 2011)

From in-house to consultancy: moving to the ‘dark side’

(01 December 2011)

Brace for the feared double dip: IT planning can maximise mergers and acquisitions

(27 October 2011)

The tricky business of justifying IT expenditure

(19 October 2011)

IT consultants should drop the ITIL clichés to win clients over

(19 October 2011)

Steps to a successful Service Transition – new white paper by Plan-Net

(26 September 2011)

‘Cloud Consultancy’ – Experience On Demand

(26 September 2011)

ITIL 2011: Continual Service Improvement or just the result of V3 being rushed?

(03 August 2011)

The GLOCAL IT Service Desk

(26 June 2011)

Oh no… Not another Service Management initiative!

(20 June 2011)

5 reasons to employ an IT consultant

(22 May 2011)

Financial firms’ IP is safe with VDI

(11 May 2011)

IT Support: grow-your-own or buy organic?

(11 May 2011)

Where is that ‘cultural change’ which makes ITSM Best Practice effective?

(19 April 2011)

Executive exceptions: Best Practice killers or just business as usual?

(10 April 2011)

Desktop Virtualisation: Still not a perfect View

(23 March 2011)

What is the impact of the Cloud on the existing IT environment?

(10 March 2011)

Private vs. public sector IT security: more dedicated staff, yet less awareness

(03 March 2011)

Surviving IT spending cuts in the public sector

(15 February 2011)

10 things we learnt in 2010 that can help make 2011 better

(23 December 2010)

IT workforce continuity

(17 December 2010)

Minimising IT downtime for finance professionals

(30 November 2010)

ITIL V3 – should you bother?

(24 November 2010)

Taking the third option

(25 October 2010)

The peculiarities of Metro Bank’s IT outsourcing model

(19 October 2010)

Saving ITIL – how to protect the reputation of Best Practice frameworks

(11 October 2010)

5 tips for moving Disaster Recovery to the Cloud

(04 October 2010)

Does the future of business mobile computing lie in hybrid tablet devices?

(27 September 2010)

How many police officers does it take to email 10,000 criminal records to a journalist by accident?

(15 September 2010)

The perils of commoditising IT Support

(01 September 2010)

Life after ITIL – creating a culture of Continual Service Improvement

(02 August 2010)

10 reasons to migrate to Exchange 2010

(27 July 2010)

Are you Off-Sure about your IT Service Desk?

(14 July 2010)

Mind the skill gap

(11 July 2010)

Microsoft should fear not – is Apple even in the same league?

(24 June 2010)

Is your IT Service Desk future proof?

(22 June 2010)

The quest for a portable office - are all mobile devices safe for work?

(21 June 2010)

Will Tablets rule the future?

(16 June 2010)

Getting back to work - but with a service provider.

(15 June 2010)

Cloud computing: how to minimise lock-in risks

(09 June 2010)

Public sector, private data - is outsourcing the Service Desk too risky?

(02 June 2010)

Doing more with less: an opportunity to learn

(06 May 2010)

Sharing the IT Service Desk: sharing cost, sharing quality

(03 May 2010)

So, Microsoft outsources IT support – What’s all the fuss about?

(27 April 2010)

Survey reveals 1/3 of UK organisations put off Windows 7 roll-out, but are they wise to wait?

(13 April 2010)

Is information safe enough at NHS trusts?

(31 March 2010)

Best Practice and Virtualisation: essential tools in Business Resilience and Continuity planning

(25 March 2010)

What to look for when bringing offshore work back home

(22 March 2010)

5 thoughts on the IT Service Desk that need re-thinking

(10 March 2010)

Microsoft System Center Service Manager 2010: a credible challenger in the Service Management software market?

(17 February 2010)

Do you really want to lose (inter)face?

(15 February 2010)

A new lease of IT life

(11 February 2010)

From ITIL v2 to v3 – where to start?

(08 February 2010)

Can you afford not to invest in Best Practice?

(02 February 2010)

Experiential Learning explained through Confucius

(02 February 2010)

Quick win, quick fall if you fail to plan ahead

(11 January 2010)

Cloud computing – Help your IT out of the Tetris effect

(08 January 2010)

One of you may be fired

(17 December 2009)

Hot or not. ..Says who?

(15 December 2009)

2012: avoiding the IT Apocalypse

(03 December 2009)

Punishment alone does not work

(03 August 2009)

HSBC Data Loss

(26 July 2009)

ITIL for ITILs sake

(02 June 2009)

VDI and Windows 7

(06 May 2009)

The art of deception

(05 May 2009)

VDI - the revolution begins...

(04 May 2009)

Wake up and tackle the real VDI issues!

(24 March 2009)

ITIL Version 3

(18 February 2009)

Virtualisation - making the headlines

(18 February 2009)

Batten down the Hatches!

(18 February 2009)

Overcome the Freeze

(10 January 2007)

Punishment alone does not work

Posted in Information Security on 03 August 2009 by

Every so often a multinational corporation with an image to protect or a public sector organisation that the public are supposed to trust find their lackadaisical approach to information security horribly exposed. The media kick up a stink, various experts are wheeled out to pass comment and we all gasp in horror at the weighty fine imposed - or in the case of the public sector, look on disapprovingly as they humbly promise never to do it again.

Then, after they stump up the cash, all is quickly forgotten until the next time. The question we have to ask, given the propensity for carbon copy mistakes happening time and time again, is are the hefty fines really working?

Well it seems the ICO have finally cottoned on that the answer is a resounding no and can now ask companies that have breached the DPA to undertake certain behaviour that it thinks will fix the problem. No longer will offending companies be able to stump up the money - to the tune of £3.5 million for HSBC - and forget about it. Soon the ICO will be given powers by Government to issue direct fines to organisations whose behaviour represents a knowing or reckless breach of the principles.

It seems the goal posts are moving, but are they moving the right way? Punishment is all well and good, but should organisations really need to be forced to implement preventative measures after the horse has bolted? The ICO should be thinking of ways to work with organisations to instil a cultural change in both businesses and the public sector so they truly understand the need for properly secured information. The fear of reprisals, whether financial or otherwise, is clearly not working.

David Cowan
Head of Infrastructure, Plan-Net plc

Post your Comments

Your name: (required)

Your email: (required, never displayed)

Comments