Let us return to the TalkTalk saga of last year when a number of their customers had their details hacked

TalkTalk - Joke Of The Data Protection Act

Now that TalkTalk have crystallised the extent of the breach (despite their CEO Dido Harding not having a clue and yet pocketing a £2.8 million salary) - it would seem that the information commissioner has given TalkTalk a record fine

TalkTalk - fined £400,000 for mass hacking breach

Although one has to question the miserly level of the fine, which was £400,000 to cover the theft of 156,959 customers' data

Does the information commissioner really believe that a fine of £2.55 per customer breach is in any way appropriate or adequate?

After all, assuming that it takes a customer only 1 hour at the minimum wage (£7.20) to put right the potential damage, changing bank passwords etc. (whereas in reality the time needed to put right the damage caused by this event would probably be a great deal more), the fine should have been a minimum of £1.1 million

Furthermore, if a reasonable penalty of £100 per breach was imposed then it would have cost TalkTalk a far more respectable £15.6 million

Bearing in mind the following two comments - one really does have to wonder what planet both the ICO and TalkTalk are on

Elizabeth Denham, the information commissioner, said:

“Today’s record fine acts as a warning to others that cybersecurity is not an IT issue, it is a boardroom issue. TalkTalk’s failure to implement the most basic cybersecurity measures allowed hackers to penetrate its systems with ease”

The above comment by the ICO is complete nonsense!

Bearing in mind that TalkTalk have just stated that fixing the problem cost them about £60m, why would the prospect of a £400K fine actually encourage any organisation to volunteer to spend £60m up front fixing problems, when they can simply await a breach and only then be required to pay the cost of correcting their systems?

It is simple really - why fork out £60m until you are caught - and even then the fine pales into insignificance beside the cost to rectify the problem

Especially (as in TalkTalk's case) where the company makes it incredibly difficult for those who have been affected to break their contract and leave for another provider

TalkTalk

“said that the hacking incident cost about £60 million to resolve, was “disappointed” by the decision to impose the fine for breaches of Britain’s Data Protection Act”

Oh well! Seems that matters are still OK on the CEO/Directors circuit and nobody is held to account - so nothing really changes with the cosy arrangement within big business

Move on and don't create waves - or alternatively, trot out the trite fall-back response about taking it on board and learning from the incident

Dido Harding should learn from the incident by collecting her P45 on the way out

Reference

TalkTalk CEO Dido Harding Pockets £28m
