Drop in data breach fines despite uptick in security leaks

The ICO is dishing out fewer data breach fines even though more companies are owning up


The number of data breaches reported to the Information Commissioner's Office (ICO) has increased over the past year, while the penalties issued by the data protection watchdog have more than halved.

That's according to information obtained by network security vendor ViaSat through a Freedom of Information (FoI) request.

The response to the FoI revealed an 11 per cent increase in data breaches reported to the regulatory body between March 2013 and March 2014, compared to the same period the previous year.

The health sector had the dubious honour of leading the pack for the most-reported breaches, with 37 per cent of the total. Local government and education came second and third, respectively, with 15 and 8 per cent of the share.

The most common form of data breach, at 48 per cent, involved the sending of information to the wrong recipient. Lost or stolen paperwork followed, making up 16 per cent of reports, while lost or stolen hardware accounted for 8 per cent.

A total of 20 fines worth £2,610,000 were imposed by the ICO between 2012 and 2013, while just 12 fines totalling £1,230,000 were issued between 2013 and 2014. This equates to a 53 per cent drop.

Despite the increase in the number of security breaches reported to the body, it chose to hand out fewer monetary penalties.

Chris McIntosh, CEO of ViaSat, said the reduced numbers could be down to a number of factors, including the possibility that the ICO is not fully investigating less high-profile and high-severity breaches. "[There is] still a huge amount of potentially sensitive data in the wrong hands," he added.

In response, an ICO spokesperson told IT Pro: "Civil monetary penalties are one of a range of formal enforcement actions available to the Information Commissioner's Office, alongside undertakings, legal enforcement notices and prosecutions.

"Data breaches are assessed on a case-by-case basis and we issue fines accordingly," they added.
