Larger Fines for Data Breaches

Many people see 2015 as the year that data breaches and hacking were brought to the fore for businesses across the globe. From Ashley Madison to TalkTalk, major brands experienced huge upheaval after weaknesses in their online security systems were expertly exploited by cybercriminals. Interestingly, off the back of what was a disastrous year for many, 28 January 2016 was designated #DataProtectionDay, with an awareness campaign organised to tackle the ignorance surrounding security.

The obvious fallout from a data breach is the publicity that surrounds it, and the inevitable drop-off of customers. Trust and integrity are buzzwords thrown around a lot in marketing, across many industries. Many use them as USPs, when in fact they should be seen as mandatory. Consumers expect you to treat them well and to protect their data to a satisfactory level. When that trust is broken, the reputational damage can be enormous, and for smaller companies it can be impossible to recover from.

As well as damage to reputation and a mass exodus of clients, there is the threat of heavy fines hanging over the heads of those who fail to secure against breaches. Under current legislation, the Information Commissioner has the power to impose penalties of up to £500,000 where the company in question is considered negligent. This figure looks set to rise to £1 million within the next 12 months, and from 2018 there is the threat of maximum fines of up to 20 million euros, or 4% of global turnover, under the new General Data Protection Regulation introduced by the EU.

At present, there is no talk of criminal penalties for unethical data handling. Unlike breaches of Health and Safety regulations, data security leaks are yet to be classified in the same way, so prosecution may be a long way off. Interestingly, the Commissioner, Christopher Graham, has been keen to stress that the real punishment for companies should be the loss of customers, not the threat of larger fines. He urged responsibility, citing a moral obligation as more pressing than the risk of a financial penalty.

One of the biggest changes that 2015 brought to the cyber security mindset was a shift towards attacks on SMEs. Although the big brands received the headlines, the Government Security Breaches Survey found that 74% of small businesses reported a security breach in the last year, a huge increase on 2013 and 2014. Most were simple spear phishing attacks using fake emails, though others involved extortion, with criminals encrypting data and demanding payment to release it.

So, for small businesses and large organisations alike, the threat of cyber-crime is very real. Whether the concern is the reputational damage a breach can cause, with 54% of consumers likely to walk away after an attack, or the threat of huge fines under the new EU regulation, it is important to begin taking the necessary precautions now and to understand exactly what will be mandatory.

From needing to make sure that you can delete consumer data quickly on request, to obligatory reporting of security breaches, the rules are changing. At Digital Pathways, we make it our duty to understand every detail and help our clients to adapt. If you are wondering ‘what next?’, then call us today on 0844 586 0040.