Hundreds of Bank Account Details Left In London Pub

twoheadedboy writes "Another day, yet another data security failure. Two companies have been found in breach of the Data Protection Act after tens of thousands of tenants' details were left at a London pub, alongside 800 records with bank account details. A contractor who had stored data from two different companies on an unencrypted USB drive was responsible. We've all lost things on a night out, but rarely is it other people's banking information. The two firms involved have been told to get a grip on their security procedures, but they escaped a fine from the ICO."

more details

[rbrausse]

the BBC article has some more depth (and the site is _much_ faster...). the most interesting sentence is "The memory stick was handed into the police on the weekend of the 5th March and safely retrieved." (emphasis added)

why took it 5 months to disclose the data breach?

Re:Why didnt they get a fine?

[xaxa]

The article says "The ICO will only enforce a monetary penalty when it believes there has been noticeable damage to affected parties."

The ICO is useless

[Heed00]

The ICO has failed time and time again to bring sanctions against infringers. Hell, BT tapped 100's of thousands of its customer's internet connections and never was sanctioned by the ICO or brought before a court to answer for its crimes. The ICO seems to take the attitude that the offenders just simply made a mistake and can't we just forget about it as we're sure they are sorry now -- they took action in just over 1% of cases and levied fines far less than that:

...the ICO acts on just 1.4% of data breaches and only fines 0.15% of offenders.

http://www.techwatch.co.uk/2011/04/22/ico-penalises-less-than-1-of-security-breaches/