"Smith wants to see mandatory notification in cases where personal data might have been exposed but not in situations where an encrypted laptop was lost, for example. He also wants to see private investigators who used trickery to obtain confidential records jailed. "
"MIGHT have been exposed" - who will decide if it 'might have'?
"ENCRYPTED laptop" - what is the definition of 'encrypted'? (I use ROT-13 so it's ok to lose the laptop and not report it)
"used TRICKERY to obtain..." - what is 'trickery'? How is it legally defined?
If you thought the situation was bad right now, wait until these ideas get written up as law.
Mr Pedant here
ROT-13 is not encryption, it's encoding - there is a difference (albeit subtle). I thank you. :-)
But I agree totally with your sentiment
ROT-13 is a cipher; it's an instance of the class of ciphers commonly known as a 'Caesar' or 'Caesar shift' cipher.
Encryption is the process of applying a cipher.
If you're going to chime in and claim to be a pedant, at least get your fucking facts right.
Peace Little Fishes!
Let's not fight among ourselves when there are bigger and nastier fish out there trying to bite us :)
Quote: "the watchdog would far rather work with organisations towards this than resort to enforcement"
Surely, working with organisations to get things right _is_ enforcement?
Enforcement is taking steps to make something happen - in this case, to prevent data breaches. The alternative (fines) discussed here is not enforcement - it's punishment. They are not the same thing. However, the distinction seems to be lost on almost everyone these days. Real enforcement reduces the need for punishment, but punishment does not serve effectively as enforcement - we have centuries of evidence for this. Extreme punishments have never deterred people in general from offending. And it's a matter of externalities in this case. A person who loses a laptop may get their employer fined, and that might lead to their own dismissal, but the next person in line will not be permanently scared by that into being more careful.
"A person who loses a laptop may get their employer fined, and that might lead to their own dismissal, but the next person in line will not be permanently scared by that into being more careful."
Seriously? You don't think that being told on day one that your predecessor was sacked for being careless with data would make you even a little bit more careful?
Beat me with a marshmallow and call me Sally
"He stressed that the watchdog would far rather work with organisations towards this than resort to enforcement."
So in fact what will happen is that - in the unlikely event of ICO stirring from its sleepy Cheshire lair and actually going out to see someone who has breached the DPA - the offender will still be able to look forward to nothing more than a quick chat and a "bad show, chaps".
What would actually concentrate minds would be a preference toward enforcement, and a preference toward the top end of the fine scale.
For a long time we did all decry ICO as toothless, and they knew it was so and asked for more powers. Recently it seems that every time they get a new one they make a public statement to the effect that they'd, y'know, rather not use it actually.
Disband ICO, hand DPA enforcement responsibility over to the rozzers (where it properly belongs anyway), where the perverse incentive of 'detection' targets would ensure that an open and shut case like a laptop left in a car-park with a couple of cheeldren's addys on it would be prosecuted with the sort of enthusiasm one might expect of a murder case. Problem solved.