Since April this year the entire infosecurity industry in the UK and beyond has been waiting with baited breath for the dreaded £500,000 fine to be levied.

It is now August and yet with several high profile breaches, including that of Barnet Council and the Kent Police, made public, a financial penalty has yet to be issued by the ICO.

When Google revealed its Street View cars inadvertently collected data from unsecure Wi-Fi networks, the authorities in Germany, Australia and America were quick to take action.

And while it is not fair to lay all the blame at Google’s door – why were so many Wi-Fi networks left unsecure?? – we can’t ignore the fact that personally identifiable information was harvested by Street View without our knowledge.

The ICO visited Google HQ and examined a sample of the ‘payload’ only to find the information did not include “meaningful” details which could be linked to an individual.

They said in a statement: “As we have only seen samples of the records collected in the UK we recognise that other data protection authorities conducting a detailed analysis of all the payload data collected in their jurisdictions may nevertheless find samples of information which can be linked to identifiable individuals.

“However, on the basis of the samples we saw we are satisfied so far that it is unlikely that Google will have captured significant amounts of personal data”.

So while Google gets sued in the US, Street View cars are back on the beat in the UK, albeit this time without the offending antennas.

At least we can watch horse boy in Aberdeen, shark attacks in Oxford and Paddington Bear strolling down Trafalgar Square, while we wait for the ICO to bear its teeth.

Poised to attack, the ICO is ready to dish out hefty fines to those who are careless with their data security.  But recent market research showed smaller SMEs were unaware of the ICO’s new powers.

For Northern Ireland companies unsure about the changes in the law there is a conference next month that can help. 

The Legal-Island Data Protection & Compliance Update Conference takes place on Thursday 3^rdJune at Dunsilly Hotel, Junction One in Antrim.  The full day event aims to arm organisations with all the very latest information on how to comply with the new measures and avoid the substantial monetary penalties now in force.

The conference will break down the responsibilities of organisations when processing employee or customer data, explain the new penalties and advise on data storage or disposal.  The afternoon session is broken into three streams – Customer Data, Marketing Both Online and Offline and Human Resources.  Delegates can choose which stream will benefit them the most.

Conferences like this are very beneficial for organisations particularly management staff and those in charge of sensitive information.  As I have said many times it is vital to educate staff on data protection and it is the responsibility of management to initiate and then enforce security protocols in the workplace.

If that hasn’t sold you perhaps one of the speakers will.  Catherine Vint, a senior investigator in the Information Commissioner’s Office Northern Ireland will be addressing the conference.  Where better to get advice on how to avoid the £500k fine than from the ICO itself?

And if that still hasn’t sold you – we’ll be there!  DiskShred are one of the sponsors and we’ll be exhibiting at the conference.  If you have any questions about secure data destruction feel free to drop by and say hello. 

Full conference details and prices can be found here.

Such details are potentially lucrative in the hands of criminals, so the public expects them to be treated with care and respect.

But if the information is disposed of carelessly and customer trust abused, the company in question stands to lose considerably in terms of damage to its brand and loss of reputation.  A good name can be a company’s most important asset – and take years to build. 

Lose your good reputation and potentially you could lose your company.  And that in turn impacts upon the people who work for you and your customer base.

To avoid this, public and private sector organisations must treat the protection of

customer data with the utmost seriousness.  And when that information becomes obsolete, those organisations are obliged to dispose of that same information with equal fastidiousness.

How we permanently dispose of redundant I.T. equipment is now governed by the EU’s WEEE Directive, but disposal of the data on the hard drives is not.

Up until now, we had to rely on companies performing their ‘duty of care’ under the Data Protection Act and handling such disposal responsibly – but there was little incentive to do so, outside of an organisation’s own sense of obligation.

However, from April, the Information Commissioner’s Office (ICO) will have new powers to fine organisations up to £500,000 for “deliberate or negligent” breaches of personal data.  

Responsible organisations must put proper data disposal policies and procedures in place now – not just to avoid the wrath of the ICO but also to protect their businesses and livelihoods.