The combination of a potential £500,000 fine and long-standing brand damage will drive increased investment in data security in 2012, according to a study which shows firms are at last waking up to protecting customer data.
The study, by TechTarget, shows that 43% of businesses polled said they plan to implement data protection initiatives in the coming year. Meanwhile, 21.6% plan to invest in identity and access management and 23.9% in threat management, including anti-malware systems.
Earlier this year, Information Commissioner Christopher Graham warned firms to resist slashing security budgets in straightened times, and the survey would appear to show businesses are finally listening.
The fact that the ICO can also issue fines of up to £500,000 could also be a factor.
The move coincides with the data regulator slapping a record £140,000 fine on Midlothian Council for disclosing sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions.
The penalty is the first that the ICO has served against an organisation in Scotland and surpasses the previous record – £130,000 for Welsh body Powys County Council – issued two months ago.
Under the European Commission’s data protection proposals, published last week, the ICO could get powers to fine companies even more. The EC wants to allow data protection regulators to fine companies up to 2% of their global annual turnover if they breach the law.
Related stories
ICO: ‘Don’t slash data budgets’
New data laws ‘Sword of Damocles’
