Wednesday, 30th May 2012
Tim Buckley Owen
When there were less than 40 days to go, LiveWire’s Joanna Ptolomey reported on research from KPMG showing that as many as 95% of companies weren’t ready – even though the UK privacy regulator the Information Commissioner’s Office (ICO) may now impose fines of up to £500,000 for non-compliance. In truth, though, what can the ICO actually do?
During the grace period of a year before actively enforcing the European Data Protection Directive, it spoke about the changes at a mere 30-odd events and wrote to no more than about 50 popular websites (according to an ICO blog). It’s obviously stretched, and it’s probably going to be a while before it can start imposing sanctions.
But when it does, it may have to start pretty close to home. A Cabinet Office spokesman told the BBC recently that most of the UK government’s own websites wouldn’t be ready in time.
The Local Government Association added that the ICO would continue to work with bodies that at least showed a commitment to implementing the rules, rather than prosecuting them. And the ICO has implicitly confirmed this, appealing to government bodies that are compliant to share their expertise with others.
The irony of all this is that the users the rules are supposed to protect don’t seem to care very much. According to a survey by eDigitalResearch, three quarters of online consumers hadn’t even heard of the EU’s cookie law – although when told about it almost 90% thought it was a good thing.
In reality, though, people seem to prefer to vote with their wallets. Another survey, from the Internet Advertising Bureau, found over half of people saying they would rather have cookie-based targeted ads than be required to pay for internet services.
So do non-compliant bodies need to worry? The ICO’s own guidance (downloadable via the ICO blog mentioned earlier) states that monetary penalties will be reserved for the most serious breaches – but it also says that non-compliant bodies will need to have a pretty good excuse, and it has made it dead easy for people to report their cookie concerns.
A look at the ICO’s track record removes any doubt about its willingness to prosecute where necessary. Penalties may be reserved for the most egregious of cases – but it’s only going to be a matter of time before it decides to make an example of somebody.
Related Blog items:
Document the value chain, and transform the way you think about, manage and report on your product portfolio and your information service contributions to your organisation goals.
Focus on Value Chain
Risk assessment is a required process for a healthy information department. It gauges the ability of your services, team, portfolio and overall value to withstand stress.
Focus on Risk Assessment
Sorry, there seems to be a problem with Webinar and Community listings. Please let us know, by email to firstname.lastname@example.org. Thank you.
Our proven processes, resources and guidance will help your team make the shift from transaction centre to strategic asset.
Designed around the most common challenges and pain points for time- and resource-strapped information teams
Supercharge remote productivity and value
Holistic content portfolio management
Future-proof your information service
A tailored overview of our research and active discussion with your Jinfo analyst.
Measure your starting point to articulate your strengths and set priorities for future improvements. Assessments gauge risk, capacity, value and more.
Read case studies, and start the conversation:
Connect your team with the practical tools, original research and expertise to build and support information strategy in your organisation.
A Jinfo Subscription gives access to all Content (articles, reports, webinars) and Community.