Cleardata news


Commissioner’s Office penalises just 2% of data breaches

Ben Whitelaw

The Information Commisioner’s Office has acted on less than 2% of the data breaches reported over the last year, despite recently being given increased powers to make it easier to do so.


Out of a total of 2565 breaches reported between then and March 2011, only 36 had any action taken against them by the Information Commissioner's Office (ICO) and just four incurred a fine.


The ICO was granted additional powers to issue civil penalties for violations of the Data Protection Act in April last year.


Despite being allowed to issue penalties of up to £500,000, the maximum fine given was £100,000, handed to Hertfordshire County Council for faxing child abuse data to a member of the public in June 2010.


The ICO data, released following a Freedom of Information request by hardware encryption specialists ViaSat, also revealed a discrepancy between the way breaches in private and public sector data had been dealt with.


Seven private sector companies faced action over the year in a sector with almost 23 million employees, with one organisation penalised.


This compared to action brought against 29 public sector organisations, of which three were penalised, in an industry comprising just over 6 million workers.


The single financial penalty against the private sector was also the smallest, a £60,000 fine against services company Action for Employment (A4e) for failing to secure the data of 24,000 members of the public in June last year.