Re: Good
As I've said before we should start ICO related fines at the maximum and look for reasons to lower it, don't find any? Fine at the maximum amount.
Right now we gradually put a few quid onto the fine and start at zero, resulting in us never giving the maximum EVER and a majority being a pittance.
They should have to prove the controls they had in place before, contracts, safeguards, training etc. Then they can show how quickly they reported the incident to both the ICO and those affected, then lastly what they've done since reporting. If all of those are dire they get hit with the maximum.