The U.K. Information Commissioner’s Office did an interesting two-year trial and the results suggest that publicly reprimanding public sector entities over breaches and data leaks is an effective strategy — even without any monetary penalties. Infosecurity Magazine reports:
The publication of reprimands following data leaks has been cited as an “effective” deterrent for public authorities.
This follows a two-year trial led by the UK’s Information Commissioner’s Office (ICO) which sought to work proactively with the public sector to encourage data protection compliance.
Over the two years of the Public Sector Approach (PSA) trial, the ICO has published around 60 reprimands issued to public bodies.
The reason such reprimands have been affective [sic] is because of their potential for reputational damage and impact on public trust. The reprimands can also be used to capture the attention of senior leaders, according to feedback of the ICO trial by public authorities.
Read more at Infosecurity Magazine.
But would this work with any other sector or in the U.S.? It would be interesting to find out.
Related: Statement on the public sector approach (John Edwards, UK Information Commissioner, December 9, 2024)