Security chiefs concerned about data security gained a boost this month when the UK’s Information Commissioner (ICO) was given new powers to fine companies breaching data protection laws or mishandling personal information.Whilst many security professionals still think that the ICO lacks teeth in many areas - especially compared to its US equivalent - greater fines and beefed-up legislation are seen as vital to help security staff bring the issue of data protection to the attention of senior managers.

Large fines, and perhaps more importantly the reputational damage that can go along with them, helps security chiefs ensure that data protection becomes a board room issue and a key element of any information security or risk management strategy.

One senior security professional talking anonymously to Verbatim said: “Whilst there’s still too little guidance and definition about what a ‘serious breach’ is, the ICO’s powers and the fines that can be levied lets us raise it as a serious issue at a senior level. It enables us to put more definition around what a serious security breach is, what we would do about it, who would be party to it and how we would to communicate it.”