Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Wednesday, 22 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

ICO reveals that it suffered a security incident in past 12 months

by The Gurus
October 14, 2020
in Editor's News
Share on FacebookShare on Twitter

The Information Commissioner’s Office (ICO) suffered a “non-trivial data security incident” within the last 12 months.

In the same week that it released its 2013/2014 annual report, Information Commissioner Christopher Graham said that there was one “non-trivial data security incident” that was treated as a self-reported breach.

He said: “It was investigated and treated no differently from similar incidents reported to us by others. We also conducted an internal investigation.”

The ICO, which can levy fines of up to £500,000 for data protection breaches, did not disclose whether it had fined itself for the breach.

In a statement send to IT Security Guru, an ICO spokesperson said: “This incident was treated as a self-reported breach, and was investigated in the same way we would handle any similar incidents reported to us by others. It was concluded that it did not amount to a serious breach of the Data Protection Act, and the internal investigation was concluded.We are unable to provide details of the breach at this stage, as the information involved is linked to an ongoing criminal investigation.”

President of the National Association of Data Protection Officers, barrister and solicitor, Stewart Room, said that even though the ICO said it was ‘non-trivial’, if the ICO declines to explain the situation on the basis that a FOI statutory exemption applies, then there will be more concerns about transparency, fairness and natural justice.

“Particularly because the ICO is currently acting as judge in its own case on subject matter that it is the regulator of, about which it has been particularly tough where third party data controllers are concerned,” he said.

“As to whether a fine could be imposed on the ICO, the answer must be yes as a matter of law. Moreover, I doubt that ICO will claim that it should get some kind of exemption or special treatment.”

NADPO chair Jon Baines said that the ICO has to investigate/enforce against themselves regularly with FOI act requests, and they draw a distinction between “the commissioner” and “the ICO”. He said: “If it fined itself, then a) its own monetary penalty notice guidance requires it to put all notices on its website, and b) as it determined that this wasn’t a ‘serious’ contravention, then the statutory threshold was not met.”

Room suggested that it is impossible to justify ICO being a judge in its own case and the only way that justice can be seen to be done is via independent oversight, for there to be a regulator for the regulator.

“Independent scrutiny might be provided by Parliament, although that risks a charge that ICO’s independence is threatened,” he said. “A more practicable approach would be to set up a ‘clean team’ of external investigators who are truly independent of ICO.  This body would look to see whether ICO has breached the law and, if so, whether it should be sanctioned.

“The Commissioner, who is legally distinct of ICO, would be expected to act on the external team’s findings. All of this work would be done as transparently as possible, but with necessary savings for other interests.”

FacebookTweetLinkedIn
Tags: attackBreachComplianceICO
ShareTweetShare
Previous Post

CNET hackers demaned one Bitcoin for stolen information

Next Post

Who does responsibility lie with for incident response?

Recent News

security

What Is Observability, And Why Is It Crucial To Your Business?

March 21, 2023
Organisational Cybersecurity.jpg

How Emerging Trends in Virtual Reality Impact Cybersecurity

March 21, 2023
Nominations are Open for 2023’s European Cybersecurity Blogger Awards

Nominations are Open for 2023’s European Cybersecurity Blogger Awards

March 20, 2023
TikTok to be banned from UK Government Phones

TikTok to be banned from UK Government Phones

March 17, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information