Hundreds of Bank Account Details Left In London Pub

twoheadedboy writes "Another day, yet another data security failure. Two companies have been found in breach of the Data Protection Act after tens of thousands of tenants' details were left at a London pub, alongside 800 records with bank account details. A contractor who had stored data from two different companies on an unencrypted USB drive was responsible. We've all lost things on a night out, but rarely is it other people's banking information. The two firms involved have been told to get a grip on their security procedures, but they escaped a fine from the ICO."

Not even a fine?

[captainpanic]

Companies are legal entities that can get away with far too much!

The police can usually be quite creative when it comes to punishing people when they do something stupid on a night out. There are vague concepts like 'public disorder' or 'disturbing the peace' which allow them to lock up someone for at least a night. Can't they apply that to a company that gets drunk? Close it down for 12 hours until it's sober again?

Re:Not even a fine?

[Bert64]

But the point is that if you were caught doing 10-20mph above the posted limit you would almost certainly be punished for doing so...
Whereas many corporations are caught doing illegal things, and simply aren't punished at all.

There's a difference between simply not being caught, and being caught but let off with little or no punishment. The fact we hear about something in the news means they've already been caught, how many other crimes go undetected?

Re:Not even a fine?

[captainpanic]

A 100 euro fine is normal for a person making a relatively minor mistake... like doing something stupid while drunk, or speeding 10-20 mph.
100 euro is 0.25% of a regular annual income of 40000 euro/year...

I'd like to see a big business take a fine of 0.25% of the revenue (revenue, not profit, obviously) for relatively small mistakes.
Take British telecom (mentioned earlier in this thread) for example: A revenue of about 30 billion euro / year. A minor mistake should lead to 0.25% of 30 billion = 75 million euro.
And that's for small mistakes.

It would certainly bring an extra incentive to be careful.

Re:Not even a fine?

[GaryOlson]

Such dreary and damning words first thing in the morning.
I need to go to the pub for breakfast and beer.

more details

[rbrausse]

the BBC article has some more depth (and the site is _much_ faster...). the most interesting sentence is "The memory stick was handed into the police on the weekend of the 5th March and safely retrieved." (emphasis added)

why took it 5 months to disclose the data breach?

Re:Why didnt they get a fine?

[xaxa]

The article says "The ICO will only enforce a monetary penalty when it believes there has been noticeable damage to affected parties."

The ICO is useless

[Heed00]

The ICO has failed time and time again to bring sanctions against infringers. Hell, BT tapped 100's of thousands of its customer's internet connections and never was sanctioned by the ICO or brought before a court to answer for its crimes. The ICO seems to take the attitude that the offenders just simply made a mistake and can't we just forget about it as we're sure they are sorry now -- they took action in just over 1% of cases and levied fines far less than that:

...the ICO acts on just 1.4% of data breaches and only fines 0.15% of offenders.

http://www.techwatch.co.uk/2011/04/22/ico-penalises-less-than-1-of-security-breaches/

We got our priorities straight here...

[SeaFox]

Lose a prototype iPhone?
Men come busting in to search the apartment of the guy who buys it.

Lose a USB drive with 800 banking records?
A stern talking-to, but no fine.