
ICO FoI response reveals massive rise in data breach fines

FoI request flags year-on-year rise in ICO data breach fines and reports.


The Information Commissioner's Office (ICO) has stepped up its enforcement activities, issuing double the number of data breach fines in 2012-2013 that it did in the previous 12 months.

This is according to data obtained via a Freedom of Information (FoI) request by digital comms vendor ViaSat.

The ICO issued 20 monetary penalties in 2012-2013 totalling £2.6 million, according to the figures. During the previous year, the organisation fined just nine organisations, generating £791,000 in the process.

During the past 12 months the ICO issued a record fine of £325,000 against an NHS Trust in Brighton for a data protection failure that allowed hard drives containing patient details to be sold on an internet auction site.

The apparent rise in the number of fines issued should go some way to appeasing data protection campaigners who have previously hit out at the ICO for being too soft on those who breach the Data Protection Act.

The figures also revealed a year-on-year uptick in the number of self-reported breaches made to the ICO, which may partly explain why the organisation has issued more fines this year.

Between March 2012 and March 2013, there were 1,150 self-reported breaches made to the ICO, compared with only 730 made between 22 March 2011 and 17 February 2012.

Chris McIntosh, chief executive of ViaSat UK, said it's pleasing to see the ICO make good on its promise to use both the "carrot and the stick" when enforcing the Data Protection Act.

"Not only has the number of monetary penalties increased year-on-year, but they have grown in size and been implemented across both the public and private sectors," he added.

ViaSat submitted a similar FoI request last year, prompting the firm to hit out at the ICO for being too lenient on private sector firms, after it emerged that nearly every fine handed out between March 2011 and February 2012 was levied against a public sector organisation.

However, this year's results revealed that four out of the 20 fines the ICO doled out in 2012-2013 involved data protection lapses in the private sector, while the remainder were handed to local councils (eight fines) and NHS organisations (six fines).

Even so, McIntosh said the response to his firm's FoI request suggests more work needs to be done to educate users about data protection best practice.

"What is clear from these findings is that the human factor is still the primary cause behind data breaches...while the ICO can keep issuing undertakings and penalties, it is only widespread change in public awareness and expectations that will truly drive organisations to change," he added.

In a statement to IT Pro, the ICO said penalties and enforcement action are not all it does to safeguard the data of UK citizens.

"The guidance and support we offer, including the free audits and advisory visits we provide to organisations of all sectors and sizes, is designed to make sure that organisations avoid problems further down the line," the organisation said.

"This is why it is important that organisations don't bury their head in the sand but visit our website, read our guidance and ask for our help where required, to make sure they are on the right side of the law."
