

The ICO shows its teeth at InfoSecurity Europe

Well, InfoSecurity Europe is over for another year… and what an event it was.

The big story of the three-day exhibition was the ICO Deputy Commissioner David Smith’s opening address to delegates. Not only did he name and shame the NHS as the worst culprit for data breaches, but he also warned that plans to make some data breach notifications mandatory in the UK, as part of a wider European directive, are afoot.

The ICO Deputy Commissioner David Smith

He said the European Commission review of data laws will mean huge changes for organisations whose data security has been breached.

“Breach notification is on the agenda”, said Mr Smith.  “It’s coming for telecommunications companies, and there’s no logical reason to confine it to them.”

The UK will have data breach notification laws for the telecommunications sector within 18 months and the ICO expects this to roll out to other business organisations.

But perhaps the most surprising part of Mr Smith’s speech was his remarks regarding the ICO’s new penalty powers.

He said: “We have got some more powers now and are no longer the toothless tiger or bulldog we have been described as”.

He told the audience of exhibitors and delegates that the ICO were ready and willing to hand out fines to organisations who deliberately breach the Data Protection Act.

In fact, Mr Smith even called for prison sentences for professional data thieves, including private investigators and employees who sell valuable information.

I took some time out from our stand to sit in on the address and when Mr Smith asked for questions from the floor I took the opportunity to pose the final question.

In light of recent market research, which showed smaller SMEs were unaware of the ICO’s new powers, I asked Mr Smith if he was concerned about these findings and if they planned to target a couple of offending organisations soon to help publicise their new ‘super powers’.

He replied that while they recognised the need to highlight the new powers to fine small businesses, they would not set out to target any one particular organisation. However, his earlier comments on the NHS might suggest otherwise.

No one knows when the ICO will strike, but one thing is for sure: it will happen. Organisations will be fined, despite all the warnings from InfoSec exhibitors.

Over 12,000 people attended the three-day event and our stand was busy throughout. We got more than 500 entries to our iPad giveaway, which was won by Rob Howell-Jones.

The busy DiskShred stand at InfoSec Europe 2010

Waiting for the doors of InfoSec Europe 2010 to open.

Information security expert and well-known blogger/author Brian Honan of BH Consulting dropped by the DiskShred stand. He attended the InfoSec exhibition to sign copies of his new book Implementing ISO27001 in a Windows 7 Environment on the IT Governance stand – his book is a must for every information security practitioner’s technical library.

Also Peter Hayes from the CCTM Secretariat (Claims Tested Mark awarding body on behalf of UK Government CESG) visited our stand to congratulate us on prominently promoting the CESG Claims Tested logo on the stand header.

InfoSec gave us time to network and meet fellow information security Tweeters and bloggers.  We met Tim Schraider and Maritz Cloete, two directors of CS Risk Management & Compliance in London, who are avid followers of DiskShred’s comments on Twitter.  It was great to put a face to the profile!

All in all it was a worthwhile experience for the DiskShred team.  I can only hope events like InfoSec Europe succeed in educating staff from all sectors and business organisations about the importance of information security and data protection.

Check out pics of the event on the InfoSec 2010 Flickr group.

Posted in Data Disposal, Data Protection, Data Retention, DiskShred.


One Response


  1. Janice Taylor-Gaines says

    In David Scott’s words, everyone needs to be a mini-Security Officer today. I think Mr. Scott, the author, is right: Most individuals and organizations enjoy Security largely as a matter of luck. For some free insight, check out his blog, “The Business-Technology Weave” – you can Google to it, or search on the site IT Knowledge Exchange which hosts it. Anyone else here reading I.T. WARS? I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors. It has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google IT WARS – check out a couple links down and read the interview with the author David Scott at Boston’s Business Forum. (Full title is I.T. WARS: Managing the Business-Technology Weave in the New Millennium). “In the realm of risk, unmanaged possibilities become probabilities.” Great stuff.


