Is the ICO ever going to bite, or just keep on barking?
by The Automeister
On 6th April, the Information Commissioner’s Office (ICO) will collect new powers enabling it to discharge the sort of stern clip around the ear that recalcitrant corporate data abusers rightly deserve. Ahead of the big date, the Deputy Info Comm himself has been on the PR offensive to balance the iron fist of £500,000 fines on the one hand with the olive branch of guidance, sympathy and a nice cup of tea on the other.
Working at the ICO must be a bit like being a police officer attached to the ‘don’t drink and drive’ initiative circa 1975. Everyone says it’s an important and worthy cause, but not enough to radically alter behaviour. Not yet anyway…
Unlike the booze lobby who dragged their heels encouraging drinkers to leave their car keys at home, at least the ICO has an ally among the vendor and reseller community. At least when they aren’t overdoing the FUD anyway…
Dare to look at your inbox and there’ll be sales pitches telling you that if it isn’t impending regulatory compliance of one form or another that is hours away from burning down your house and strong-arming your kids off to a Siberian gulag, then bet your bottom dollar the ICO will soon be rapping your quivering buttocks with a court summons to pay a £gazillion data breach fine. But scare tactics only work up to a point, and it’s encouraging to see that the ICO appreciate that fact.
What broke the back of the drink drive problem wasn’t just shock and awe, or education – it was honesty. People were honest with each other, admitting they’d done it, that it was wrong, and that they wouldn’t do it anymore.
Honesty in terms of data breaches would start with many IT depts admitting they don’t have a terrific handle on exactly what the hell is going on in terms of event logging and reporting, and that in the event of a critical issue they wouldn’t have the internal resources to deal with it. While that may necessitate a technical solution from a trusted source, internal corporate paymasters need to sit up and listen too.
Keeping data secure is a strategic issue, and not simply an operational one. IT pros may or may not need help to solve it, but they could all do with extra time and resources to avoid it getting washed overboard by other ‘priorities’.




