Information Commissioner: data breach fine “won’t make much difference” to eBay
The Information Commissioner has admitted that fining eBay for its massive data breach “won’t make much difference” to the company.
Speaking in the aftermath of the eBay hack that resulted in the theft of 145 million customer records – including email addresses, dates of birth and encrypted passwords – Christopher Graham admitted that sanctions from his office wouldn’t be a huge deterrent to future lapses.
“The message for businesses is that you’ve got to be better at security, you’ve got to be more responsible about the way that you use our personal information – and if you don’t, you’re not just in trouble with the Information Commissioner, you’re in trouble with your customers, and your potential customers, because your brand is trashed,” Graham told Radio 4’s Today programme.
However, he conceded that the fines handed out by his organisation, such as the one imposed on Sony after the 2011 PSN network breach, would have little effect.
“In the case of the Sony investigation, relatively recently it ended up with a £250,000 civil monetary penalty,” he said. “But to a great global player like eBay, that doesn’t make very much difference. It’s the power of the consumer – if you go off a brand because you don’t think they’re taking your security seriously – that’s the real threat.”
The ICO has the power to fine organisations up to £500,000 for serious breaches of the Data Protection Act and Electronic Communications Regulations.
The ICO has been criticised in the past for picking on soft targets, such as councils and other public bodies, instead of pursuing investigations against private firms.