The Information Commissioner's Office (ICO) is more carefully selecting which companies it fines for suffering data breaches, new figures suggest.
Released today, the data protection watchdog's annual report showed the overall size of financial penalties issued to companies and organisations who have leaked customer data has fallen by almost half, down to 1.3 million from almost 2 million last year.
However, despite this substantial drop, the amount of money eventually paid to the ICO has decreased by just 115,000.
This is because, while last year saw companies successfully reclaim 580,000 through appeals, there were no such appeals this year.
According to network security firm ViaSat UK's CEO, Chris McIntosh, these figures "could suggest that the ICO is being smarter about how it picks its battles, and not pursuing cases that could result in a costly and ultimately counter-productive appeal".
"After last year, where more than half of the consolidated fund's supposed income was eliminated, this can be seen as a serious improvement."
However, he also suggested that the ICO could be in some financial difficulty. He cites the fact that the Commissioner's Office could be having to pick cases that are less likely to go to appeal, potentially indicating a lack of resources.
While the ICO's overall spending has dropped, McIntosh said: "This year's report suggests it is operating against the limits of its financing."
"If we are to ask the ICO to take greater action against those breaking the data protection act; to be able to monitor and audit organisations as it feels necessary; and to have greater power to enforce data protection best practice, it is clear that this funding needs to increase," he added.
The news comes after Juniper Research predicted data breaches will cost companies $2.1 trillion by 2019, four times the expected cost for leaks in 2015.
