James Governor's Monkchips

Why HIPAA and the UK Data Protection Act are bloody useless


If there is no enforcement, legislation provides no protection for consumers or citizens. The Healthcare Insurance Portability and Accountability Act (HIPAA) just acts as a fig-leaf, a compliance tick-list item, but what is really needed is a culture of security, a culture of really caring for your customers’ information. (hat tip Anton)

In the UK the Data Protection Act is just as much of a lame duck. Codes of practice and enforcement notices achieve nothing.

More California-style notification legislation please. Bring on that sunlight! Bring on that disinfectant. Bring on some jail sentences for negligence.

I have talked to many people in the security field who claim their clients are deeply worried about reputational damage from breaches. They always seem shocked when I tell them it’s nonsense. The share price hits, where there are any, don’t last more than a few days. Reputational problems mean nothing when none of the companies in a sector get it.

If organisations were serious about data governance, new breaches wouldn’t bubble up every week.

Customers and citizens are being screwed. I am with Greg when it comes to the problem description, but I disagree about the solution. I actually think stronger legislation around notification is called for. The market is failing to come up with a solution and complaining isn’t getting us anywhere. We need lawyers and police involved. Sad but true. Maybe Elliot can step up once he gets this little case he’s working on finished.


5 comments

  1. James,
    Bit odd that Spain’s law is based on the same directive, and they fined the Spanish Big Brother TV company over a million euros for a data protection breach. They also fined other companies big fines..

    In the UK the average fine was 250 quid, with only 12 prosecutions…

    more of course at https://theotherthomasotter.wordpress.com/wp-admin/post.php?action=edit&post=73

  2. Yes, Spain is far more aggressive in driving compliance. Telefonica was fined nearly a million euros for cross-selling to a customer it shouldn’t have. I believe the Czech Republic is quite strong too.

    I would like to see a European watchdog with real teeth, or at least national watchdogs that didn’t sit on their hands.

  3. Agreed on all counts. The issue in Europe is the speed (well, lack of it) in implementing legislation, which has to precede any level of enforcement. In Ireland, the data protection inspectorate has teeth but only uses them (currently) in the financial services sector. This is set to expand, but avoidance of a situation in which local law impedes or runs against Euro law is a major complication. I think it is fair to say, however, that it is on the way, but in the interim, consumer vigilance and commitment is required while we exist in a caveat emptor data protection environment.

    John
    John O’Neill is PRO with backupanytime
    http://www.backupanytime.com

  4. Cheers John. Yes, the difference between framework and implementation is ridonkulous.

  5. The U.S. Congress betrayed all Americans and the world when they passed a law that stated corporations could lie without breaking the law.

    Congress itself is all whored out to the M.I.C. and NSA. The bankers that rob the public with immunity will need to profile and spy on all citizens to front-run their fear of mutiny.

    They just want to own the economy for profiteering while the worker bees compete to the bottom and the left-outs suffer and die.

    2000 years ago Jesus protested this very same dilemma. They killed him to make an example of him and to hold their power over the population they fed upon.

    With this sort of corruption power and wealth at the top of the food chain, you the working person – the do’r for the own’r – will continue to lose and your children will suffer much more.

    A man and his family need to be self-sufficient – to be able to say NO to bad bosses and predatory Wall Street thieves.

    Wall Street fears a nation of people that can say NO.
