ICO blasts businesses for data breach record

The private sector needs to be more open to audits, the ICO says, after businesses are found to have a comparatively poor data breach record.

Sensitive data

Private companies reported more data breaches in 2010/11 than any other sector, according to the Information Commissioner's Office (ICO).

Of the 603 data breaches reported to the ICO in 2010/11, 186 were from the private sector, the watchdog's annual report showed.

Information commissioner Christopher Graham called on more businesses to offer themselves up for data protection audits. Only 19 per cent of private firms contacted the ICO for an audit in the last year.

"Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year," Graham said.

"Despite this, many of them are still resisting our offer to undergo audits. We've written to organisations we consider to be high risk but the response has been disappointing."

Where are the fines?

Talking of disappointment, some have questioned the ICO's response to private sector data security practices.

Last year, the ICO was lambasted for not taking stronger action against Google, although the regulator said it was powerless to act on the search giant due to timing issues.

The ICO was handed the ability to fine companies up to 500,000 in April 2010 after Google collected data during its Street View rounds in the UK.

Stewart Room, partner in Field Fisher Waterhouse's Privacy and Information Law Group, said the annual report raised "some very interesting questions."

In particular, Room wondered why almost a third of security breaches reported to ICO occurred in the private sector, yet only a quarter of all financial penalties were imposed on businesses.

"The impression is being given that ICO will take tough action against relatively weak opposition, but may not be willing to fight tougher battles," Room told IT Pro.

"Another interesting question is why only four fines, when there have been over 600 reported incidents?"

The ICO said it only handed out fines where necessary, regardless of whether the firm was public or private.

"The ICO applies the same published criteria to all cases where we believe that a monetary penalty might be appropriate," a spokesperson said.

"We do not distinguish between the public and private sectors when following this guidance."

Earlier this month, the ICO found five NHS bodies in breach of the Data Protection Act. The public body has been repeatedly caught out in breaking the Act, yet no fines have been handed out.

The ICO spokesperson said the body was not afraid of hitting the NHS with a fine, if it were deemed suitable.

"The ICO is currently investigating a number of data breaches that involve organisations within the NHS," the spokesperson added.

"If the situation merits it, we will not hesitate to issue a civil monetary penalty against an organisation within the NHS."

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

ICO launches AI risk assessment toolkit for businesses
Information Commissioner

ICO launches AI risk assessment toolkit for businesses

21 Jul 2021
What is the Information Commissioner’s Office (ICO)?
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

15 Jul 2021
NHS adopts predictive AI tech from controversial startup
public sector

NHS adopts predictive AI tech from controversial startup

26 Apr 2021
NHS to digitise coronavirus testing with new Scandit deal
digital transformation

NHS to digitise coronavirus testing with new Scandit deal

8 Apr 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021