IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

ICO fines less than one per cent of DPA breaches

Despite having the power to punish organisations who flout data protection laws, the ICO hands out fines to less than one per cent.

The Information Commissioner's Office (ICO) fines less than one per cent of organisations breaching the Data Protection Act (DPA).

This was the finding of a freedom of information (FoI) request put forward by encryption firm ViaSat. It discovered only 36 out of 2,565 data breaches were acted on by the ICO and just four cases resulted in monetary fines.

The ICO has had the power to fine organisations up to 500,000 for breaching the DPA since April last year, but the total brought in so far has only reached 310,000.

When IT PRO spoke to the ICO this morning, it claimed there was "certain criteria" necessary to impose monetary penalties and they were only enforced for "the most serious breaches causing serious distress."

A spokesperson said: "Our focus as a regulator is on getting bodies to comply with the [DPA]. This isn't always best achieved by issuing organisations or businesses with monetary penalties."

"The action we will take depends entirely on the details of each individual case. The existence of civil monetary penalties has had a markedly beneficial effect on compliance generally. The big stick is there, but doesn't need to be deployed all the time to have an effect."

However, Chris McIntosh, chief executive (CEO) of ViaSat, doubted this theory.

"The ICO has stated that the embarrassment and poor image of a fine will act as a deterrent and an incentive to improve an organisation's grasp of the data protection act. However, if fines are rare and well below the maximum allowed limit, their value as a deterrent drops," he said.

"Organisations will view the rarity of a fine and the associated negative publicity the same way they have viewed the threat of a data breach itself: an event that only happens to other people."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million
data protection

ICO crackdown on AI recruitment part of three-year vision to save businesses £100 million

14 Jul 2022
The public sector will no longer face eye-watering data breach fines, ICO confirms
public sector

The public sector will no longer face eye-watering data breach fines, ICO confirms

1 Jul 2022
MoJ faces £17.5m GDPR fine over subject access request backlog
data protection

MoJ faces £17.5m GDPR fine over subject access request backlog

20 Jan 2022
Cabinet Office fined £500,000 for New Year Honours data leak
data breaches

Cabinet Office fined £500,000 for New Year Honours data leak

3 Dec 2021

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022