So, what is the difference between the public and private sectors? Well, if a private sector entity is also regulated by the Financial Services Authority, the answer may be fines of millions of pounds.
Today the Financial Services Authority slapped a £1.26 million fine on Norwich Union for serious failings in its security procedures to protect customers’ confidential information. See press release here.
HMRC and DVLNI, despite each of them losing masses of personal data “in the post”, are unlikely to receive any fines. The Information Commissioner does not have enforcement powers that are anything like as tough as the FSA's.