Scottish Daily Mail

Firms face £20m fines for losing your private data

- By Ian Drury and James Salmon

COMPANIES will face fines of up to £20million if they lose customers’ personal data in cyber-attacks.

A damning report by MPs called for watchdogs to be given the ability to hammer firms in the pocket if they fail to safeguard sensitive information.

Bosses should also be penalised if their business suffers a data breach – with their own pay and perks linked to effective online security, the culture, media and sport select committee has said.

And criminals who hack and sell private information – including names, addresses, phone numbers and bank details – should be jailed for up to two years, according to the cross-party panel.

The far-ranging recommendations were included in a report, dubbed a ‘giant wake-up call’, which was triggered by a series of huge data losses at communications giant TalkTalk. The reputation of the under-fire internet service provider, which has around four million customers, took a battering after it was hacked last October.

The company said about 160,000 people’s details were compromised, with the financial information – bank sort codes and account numbers – of 15,000 customers being stolen. Six arrests have been made, including three teenagers. TalkTalk, which said the attack could cost it up to £35million in lost sales and services, was blasted for its lax computer systems and being slow to inform customers and the Information Commissioner’s Office about the breach.

But research found 90 per cent of large organisations had suffered a security breach, and 25 per cent of companies experience a cyberattack every month. In the public sector, the NHS has the most breaches. Jesse Norman, Tory chairman of the committee, said: ‘This is a giant wake-up call for the industry because the TalkTalk hack showed that even very sophisticated companies in the telecoms area were not invulnerable.

‘Failure to prepare for cyberattacks and failure to inform and protect consumers must draw sanctions serious enough to act as a real incentive and deterrent.’

The report called for the Information Commissioner’s Office, Britain’s data watchdog, to be given tougher powers, including the ability to fine firms if they do not make it easier to verify whether online or phone messages are genuine. MPs said the ICO’s maximum £500,000 fine was ‘not a significant deterrent’ to huge companies. In 2018 the commissioner will be able to order fines of up to £20million or 4 per cent of global turnover.

Information Commissioner Christopher Graham said ‘eyewatering’ fines would make ‘big players sit up and take notice’.
