I had breakfast with Chris Graham, the ICO, this morning.
Well, he was on TV, warning people to make sure their webcams are password protected or closed to outside scrutiny. Apparently there is a Russian website spying on thousands of webcams around the world, a community service provided just to warn all those shopkeepers and concerned parents about what a determined hacker can do.
Mr Graham made a good coherent case when he was talking about lax data security. But he lost me a little bit when he started talking about punishing the offenders. Essentially he was saying that any businesses which were lax about this sort of thing and infringed their customer’s or patient’s rights would be dealt with most severely. I got the impression that they would definitely be grounded for quite a long time. Nanny was not very amused.
The BBC moved from Chris to RBS, who have just been fined another immense sum for cocking up their computer system. Another regulator appeared to lambast the poor beleaguered bank for not understanding its IT responsibilities.
I know, it is hard to have too much sympathy for a banker. They should have the nous and the resources to get their systems right, but the big fines clearly aren’t acting as much of a deterrent and maybe the regulators and the government, who ultimately define their brief, should go back to the drawing board and try educating as well as regulating.
Data is not taken seriously. It never has been. Whenever there is a disaster, everyone gets into a right old two and eight for a day or two, someone gets fined and we carry on regardless. For a business like RBS, their IT systems and security ought be top notch, and if it is not, who is to blame? Obviously the board, who must answer to their shareholders (mostly us, as we still own 80% of it) for this fine, but the question I would be asking is which director holds the responsibility and how much clout does he have at the top table?
The answer is not much; otherwise these mistakes would not be made. None of us put data very high on our agenda, so why should we expect big business to do so? Lip service is paid to data security right from the get go, right up until those hard disks come into our sphere of influence.
Two things should be much higher on corporate agendas; data security and sustainability. The only way to achieve that is to educate people, right from the first time they get an electronic device which connects to the internet. That way, when Wayne and Waynetta buy that cot cam to keep a constant eye on little Tarquin, they will understand that a bored Russian hacker could get past their firewall and have a look at the Bob the Builder duvet.