Back the Act: an unsatisfactory end to the Powergen affair

The something in question was to support the Data Protection Commissioner (DPC) which has, in theory, the power to punish firms that fail to implement suitable security policies.

We felt that the DPC has the necessary legislative backing - the Data Protection Act - but lacks both the political will and the funding to make it a powerful deterrent.

Friday's news that the DPC is washing its hands of the Powergen affair only strengthens our resolve, and underscores the need for action.

Assistant DPC commissioner, Phil Jones, says he's helpless to act against the utility. "Parliament didn't give us enforcement powers. We don't have a 'rapping over the knuckles' power."

He does, however, have the power to issue enforcement notices but the process is so cumbersome and time-consuming that the DPC is loath to follow that path.

And it's not hard to see why. The DPC is 'blessed' with an annual budget of £5m and a staff of 100. Compare that with another government agency, the Health and Safety Executive (HSE), which has £178m a year and 4,200 staff to spend it.

The result? Last year the HSE brought prosecutions against 1,550 firms. By contrast the DPC's work resulted in just 130 prosecutions, and none of them were IT-related.

Maybe it's not an exact comparison. HSE deals with life and death. But so too will the DPC if healthcare information falls into the wrong hands. Either way, it seems reasonable to expect closer funding models for these two government agencies.

Later this month Parliament will reconvene. MP Martin O'Neil has promised to examine the case of the DPC. For the hundreds of silcion.com readers who have already supported our campaign, this is a welcome move. For everyone else, there is still time to Back the Act - at backtheact@silicon.com