There is also the simple argument that people want companies to come under greater scrutiny.
LogRhythm research has shown 70 per cent of UK consumers want more prescriptive regulations and 80 per cent support compulsory data loss disclosure.
With so many people wanting stricter laws, it would make sense for companies to really shore up their security something that would benefit everyone from the consumer to the company chief executive.
"Organisations need to move quickly to ensure that their security systems are ready for any data breach disclosure regulations, and that they do not fall into the trap of viewing compliance as a one-time only requirement otherwise, they are risking severe penalties," said Ross Brewer, vice president and managing director for international markets at LogRhythm.
"While the UK is still behind the US in implementing such name and shame' legislation, it's only a matter of time before similar laws requiring mandatory data breach notifications are implemented here."
Time for the ICO to shine?
When laws eventually do come into force making concealment of data breaches a criminal offence, as they are likely to do, it could be the time when the ICO receives praise rather than denigration.
The body has been slammed in the past for not being harsh enough, particularly on private companies. Many thought Google got off very lightly after the Street View scandal. The small fine handed to ACS:Law owner Andrew Crossley did not go down well in some corners either.
When businesses can no longer hide their data offences, however, the ICO won't have many excuses to shy away from fining perpetrators.
If the ICO fails to act sternly when that time comes, it won't be doing itself any favours.
The watchdog has shown it is not afraid to hit public sector firms with significant fines.
It should show that same attitude to private companies too, so citizens' data is universally protected.
-
What is polymorphic malware?Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the companyOpinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
