Hey all, so I am writing this week to start a bit of a conversation and I would love comments, grief, love in response to this.
Right… onto the subject of data breaches. There have been tonnes of them recently, so let’s talk about it. A good consultant said to me earlier today, “There is no such thing as absolute security” and that got me thinking.
Some of you might have seen the series Mr Robot. For those of you who do not know, it is about a group of hackers who attempt to take down the world’s largest conglomerate. Now with that in mind, I want to know, if you are maliciously hacked relentlessly and data is breached then is it fair that you are still fined? Do you still get fined? Can you report hacking attempts to the ICO? Can they take that into account when issuing a fine?
Back to what I was saying earlier about Mr Robot, in the series they go up against state-of-the-art data centre security and still prevail. If you have done everything conceivable to the nth degree to protect your data, then does it really make sense to be fined?
My view is that if someone clever enough wants to get into your system they can, and that doesn’t even necessarily need to be with malware. I have seen Kevin Mitnick (arguably one of the best hackers to have ever lived) talk about how he used methods other than those normally attributed to hacking to get into systems. He went as far as impersonating phone company personnel to get to the data he wanted.
So if someone is hell-bent on outsmarting you, then are you really a criminal who deserves a fine because you fell victim to someone like Kevin Mitnick?