Data Handling Procedures in Government: Interim Progress Report
Richard Clayton
ukcrypto at chiark.greenend.org.uk
Sat, 19 Jan 2008 14:28:11 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <4791FF8E.5080006@callnetuk.com>, OTC <otcbn@callnetuk.com>
writes
>Peter Tomlinson wrote on 19-01-08 11:59:
>>>
>>>
>> The ICO has in public told DoH that they will be prosecuted if they
>> again allow the exposure that happened with the junior doctors
>> recruitment system MTAS,
>
>Wow. If he finds people breaking the laws that he is paid to enforce, he
>tells them not to do it again. Pretty ruthless kinda guy, eh?
that's the extent of the powers he was given -- bottom line is that our
elected representatives weren't prepared to give him any more
> and has obtained a written commitment from them
AIUI, that's not especially significant -- it's the formal notice he
serves on them that matters....
>Yeah. I'll bet they're scared. They might even get fined next time. I
>wonder whose money they'll use to pay the fine.
it's a maximum of 5000 pounds ... I don't think it will matter one way
or another who pays -- of course if they sacked two layers of management
for getting fined, that might make more of an impact
The FSA is the body that dishes out the big fines -- the Nationwide were
fined 980K when they lost a laptop; but the fine was for being so out of
control of their business that they could lose a laptop and have it
matter...
... as ever, the key question isn't why someone thought it was sensible
to leave a laptop in a car overnight; or even why there wasn't full disk
encryption applied to it; but why someone has a need to have access to
600,000 records in the first place.
If the ICO started asking those sorts of questions, and serving notices
to fix flawed system _designs_, then we might be getting somewhere.
IANAL
- --
richard Richard Clayton
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBR5II+5oAxkTY1oPiEQL4JgCggGKolw2OQOBguCroyFxQKjnaXbIAn0J0
PZI/CWxJyAVOV9NYk/elNl5i
=UUdJ
-----END PGP SIGNATURE-----