Published on August 11th, 2017

Companies Could Face $22 Million Fine If They Fail to Protect Against Hackers!


Over the past few years, massive data breaches have become so frequent and common that pretty much every week we hear about some organization being hacked or a hacker dumping tens of millions of users' records.

But even after this wide range of data breach incidents, many organizations fail to grasp the importance of data protection, leaving their users' sensitive data vulnerable to hackers and cyber criminals.

Not anymore, at least for organizations in Britain, as the UK government has committed to updating and strengthening its data protection laws through a new Data Protection Bill.

The British government has warned businesses that if they fail to take measures to protect themselves adequately from cyber-attacks, they could face fines of up to £17 Million (more than $22 Million), or 4% of their global turnover—whichever amount is higher.

However, the financial penalties would be a last resort and will not be applied to organizations that take proper security measures and assess the risks adequately but unfortunately still become victims of a cyber-attack.

The penalties would be issued by the data protection regulator, the Information Commissioner's Office (ICO).

"Our measures are designed to support businesses in their use of data and give consumers the confidence that their data is protected and those who misuse it will be held to account," Digital Minister Matt Hancock said in a government press release.

Hancock said this newly-proposed Data Protection Bill would:

  • Make it easier and simpler to withdraw consent for the use of personal data
  • Allow people to ask for their personal information held by organizations to be erased
  • Enable parents to give consent for their child's data to be used
  • Require "explicit" consent for processing users' sensitive data
  • Expand the definition of "personal data" to include IP addresses, DNA and internet cookies
  • Strengthen and update Data Protection Law to reflect the changing nature and scope of the country's digital economy
  • Make it easier and free for users to require companies to disclose the personal data they hold on them
  • Make it easier for users to move data between service providers

The proposal is being considered as part of a government consultation launched on Tuesday by the Department for Digital, Culture, Media and Sport for deciding how to implement the Network and Information Systems (NIS) Directive from next May.

This is separate from the General Data Protection Regulation (GDPR), which is aimed at protecting data rather than services.

The GDPR will replace the British Data Protection Act 1998 from 25 May 2018 and the government has confirmed that Brexit will not change this.

This new proposal is mainly focused on ensuring that critical infrastructures, like transport, health, energy, and water, are protected from cyber-attacks that could result in major disruption to services, as was seen in Ukraine last year.





The proposal will also cover other cyber threats affecting IT infrastructures such as power failures, hardware failures and environmental hazards.

The move comes after the British NHS (National Health Service) became the highest-profile victim of the recent WannaCry ransomware attack, which resulted in the shutdown of hospitals and operations, patient records being made unavailable and ambulances being diverted.

(It’s about time someone got tough on companies who do not take pains to secure their own and their clients’ data. This needs to be enacted here in the US also, and soon!

There is SO much furor over cyber-attacks, hacking and ransomware all over today’s news that one would have to be deaf, dumb and blind not to know what is going on. And, in today’s world there is NO reason not to take proper precautions as there are so many companies able to help.

We, among many others, have been preaching data security, IT security and email security for at least the last decade! What will it take to spur action? Maybe this idea will work. Fines do have a way of getting people to pay attention.

One question we have is where will all the money from fines go? Fears that it will disappear into Government coffers are real concerns. We believe the funds should go directly into law enforcement to go after these criminals harder!

Or at least into a consortium that would be tasked with rooting out these criminals and bringing them to justice. This also means confiscating their assets and adding those funds into the pot.

The big question of the hour is: “Will things go this way or will people be lazy and greedy by just taking the funds for pork and not providing them to make things better, safer and more secure?”

We have seen this happen historically over and over again. So, the question remains, how do we, the industry, consumers and others, control the expenditure of funds? We would love to hear your ideas, for only the open, free discussion of ideas will make things work.)


