ICO FoI response reveals massive rise in data breach fines

FoI request flags year-on-year rise in ICO data breach fines and reports.

The Information Commissioner's Office (ICO) has stepped up its enforcement activities, issuing twice as many data breach fines in 2012-2013 as it did in the previous 12 months.

This is according to data obtained via a Freedom of Information (FoI) request by digital comms vendor ViaSat.

The ICO issued 20 monetary penalties in 2012-2013 totalling £2.6 million, according to the figures. During the previous year, the organisation fined just nine organisations, generating £791,000 in the process.

During the past 12 months the ICO issued a record fine of £325,000 against an NHS Trust in Brighton for a data protection failure that allowed hard drives containing patient details to be sold on an internet auction site.

The apparent rise in the number of fines issued should go some way to appeasing data protection campaigners who have previously hit out at the ICO for being too soft on those who breach the Data Protection Act.

The figures also revealed a year-on-year uptick in the number of self-reported breaches made to the ICO, which may partly explain why the organisation has issued more fines this year.

Between March 2012 and March 2013, there were 1,150 self-reported breaches made to the ICO, compared with only 730 made between 22 March 2011 and 17 February 2012.

Chris McIntosh, chief executive of ViaSat UK, said it's pleasing to see the ICO make good on its promise to use both the "carrot and the stick" when enforcing the Data Protection Act.

"Not only has the number of monetary penalties increased year-on-year, but they have grown in size and been implemented across both the public and private sectors," he added.

ViaSat submitted a similar FoI request last year, prompting the firm to hit out at the ICO for being too lenient on private sector firms, after it emerged that nearly every fine handed out between March 2011 and February 2012 was levied against a public sector organisation.

However, this year's results revealed that four out of the 20 fines the ICO doled out in 2012-2013 involved data protection lapses in the private sector, while the remainder were handed to local councils (eight fines) and NHS organisations (six fines).

Even so, McIntosh said the response to his firm's FoI request suggests more work needs to be done to educate users about data protection best practice.

"What is clear from these findings is that the human factor is still the primary cause behind data breaches...while the ICO can keep issuing undertakings and penalties, it is only widespread change in public awareness and expectations that will truly drive organisations to change," he added.

In a statement to IT Pro, the ICO said penalties and enforcement action are not all it does to safeguard the data of UK citizens.

"The guidance and support we offer, including the free audits and advisory visits we provide to organisations of all sectors and sizes, is designed to make sure that organisations avoid problems further down the line," the organisation said.

"This is why it is important that organisations don't bury their head in the sand but visit our website, read our guidance and ask for our help where required, to make sure they are on the right side of the law."
