Venyu Blog

I recently added some new channels (ballooning the bottom line of all of my future cable bills, of course) and found among other channels that I will probably never watch (because, let’s face it I’m just not the home and gardening type or QVC knock-off aficionado), the IFC (Independent Film Channel) which is the nightly home of Monty Python’s Flying Circus.

Featured in this particular program was the Python’s classic Spam skit where a middle-aged English couple seated in a faux restaurant has to put up with an endless roll call of menu choices by a bellicose fry cook, almost all of which include the aforementioned mystery meat. When the “wife” (Graham Chapman in frumpy drag), complains to her “husband” (an indifferent Eric Idle) about how every meal on the menu has spam in it, he retorts quite coolly to the cook, “Look, why can’t she just have eggs, bacon, spam and sausage?” at which point a clutch of  Vikings chime in about the glories of Spam (complete with grainy black and white footage of a Viking boat bobbing on the sea as the chorus extolling Spam reaches its crescendo).

Anyway, I bring this up because the ICO (Information Commissioner’s Office) in the UK recently imposed, for the first time, thousands of pounds in penalties for a pair of data breaches. These include the Hertfordshire County Council (£100,000 for faxing sensitive information to the wrong recipients) and employment agency A4e which will pay £60,000 for losing an unencrypted laptop).

The ICO, which is charged with ensuring that individuals’ private details are adequately secured said in a statement, “These first monetary penalties send a strong message to all organizations handling personal information. Get it wrong and you do substantial harm to individuals and the reputation of your business.”

Concurrent with this news was a survey conducted at about the same time that found eighty percent of UK consumers support compulsory public data loss disclosures by organizations. In fact, 70 percent of consumers stated, unequivocally, the need for stronger government intervention with even stronger, more prescriptive regulations necessary for the public good.  Moreover, 62 percent of those surveyed felt that organizations should receive large fines and 31 percent suggested company directors should be subject to criminal proceedings.

As for the damage to reputation, the survey found that 66 percent of all individuals hearing of or learning about the loss of confidential information, will actively avoid the organizations involved altogether.

I hope you’ll bear with me on how these instances are intertwined but it seems to me our cousins across the pond are loathe to put up with invasion of their privacy and, on a larger scale, data breaches. They want to put into place mechanisms to ensure that if either event occurs, there are remedies available to individuals harmed by compromised data.

While it’s true the U.S. has individual data breach laws in place (such as MASS. 201 CMR 17), unlike the UK and its ICO, no federal privacy law is yet available and individuals remain at risk. Indeed, as articulated by Terry Jones’ fry cook in the Spam sketch, you can scream data breach over and over again but unless the private individual (in this case opined by Graham Chapman), can say “enough” I know what I want and I know what you can give me, complete trust over privacy and identity rights will remain nothing more than a menu of Spam ― apparently nourishing but utterly lacking in any meaningful long-term dietary or, in this case, legislative change.