This morning, I retweeted a link to an article (in Dutch) published by a Belgian newspaper. It looks that Belgian municipalities (small as well as largest) which do not properly secure their data could be fined in a near future! Public services  manage a huge amount of private data about us. They know almost everything about our lifes! Increasing the security around these data looks a very good idea but… are fines a good idea? Fines are very repressive.
I’ll make a rough comparison with speeds tickets. I’m driving a lot, always on the road between two customers. More kilometers you spend on roads, more chances you have to be controlled by speed cameras. Sometimes, I receive a nice gift… a speed ticket! Ok, I admit: it’s frustrating. I’ve always the feeling to be 0wn3d but guess what? I just pay the bill and continue to use roads as before. This does not affect my way of driving, it is “part of the gameâ€. I even know people who reserve a budget to pay their speed tickets! Just like any other risk, it can be quantified and we are free to take it into account … or not! Where is the breaking point between paying fines and driving slowly?
Let’s go back to Belgian municipalities. They could be facing the same issue: To invest in information security (tools, services, audits) or cross their fingers and hope to not be cought? The could also reserve some budget to pay fines. Fortunately, before punishing the bad players, the authorities will perform some checks as stated in the article:
By beginning of the next year, all municipalities must have a safety plan in place.
IMHO, fines won’t be the solution! Instead of paying fines, why not invest this money into security projects? When a company (read: “with commercial activities“) has to pay a fine in case of security incident, only its customers are affected. In case of a municipality, all citizens are involved as the buget is based on taxes! Instead of repression, authorities must implement more prevention like forcing municipalities to have a safety plan. Repression gives always a feeling of acting badly while prevention helps to stop something from happening or arising!