Huge increase in ICO fines for data breaches
Data watchdog is turning up the heat with nearly £2m in fines over last year
Data protection watchdog the Information Commissioner’s Office (ICO) has revealed a sharp jump in the number of penalties handed out for breaches of the Data Protection Act.
For the year up to June 30, the ICO issued 68 warnings of one form or another, up 48% from 46 the previous year, the figures revealed.
The ICO has also increased the frequency and amount of fines it has handed out. During the specified time period it handed out 15 fines totalling £1.8m, well up on the six fines totalling £431,000 handed out the previous year.
Over the last year the ICO has taken a much tougher approach to companies breaching the data protection act. In April 2012 it handed down the first financial penalty to an NHS organisation, fining the Aneurin Bevan Health Board (ABHB) £70,000 after a report containing sensitive information about a patient was sent to the wrong person.
It also broke its own record for the largest fine handed out, penalising Midlothian Council a record £140,000 for repeated breaches of the data protection act. The breaches involved the disclosure sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions.
The ICO also fined Brighton and Sussex University Hospitals NHS Trust £375,000 after hard drives containing sensitive patient information were stolen and subsequently sold online. The Trust is appealing the decision and argues that it was the victim of a crime.
In June this year Belfast Health and Social Care Trust was fined £225,000 for a serious breach of the data protection act and the subsequent failure to notify the authorities.
John Thielens, Axway’s chief security officer, said the increase in action from the ICO is long overdue. “The ICO has finally started to step up to the mark and shown its teeth. After all, what’s the point of being given the power to make a difference for the better if you’re not going to use it?”
Mark Dunleavy, Managing Director at Informatica, added that businesses need to ensure they have robust security procedures in place.
“The ICO is turning up the heat against data breaches. With more warnings and fines issued for data security lapses than ever before, the writing is on the wall for businesses that are failing to keep their data under lock and key. Rather than relying on the ICO’s external deterrents, organisations can bypass this vulnerability altogether by implementing more sophisticated tools to take total control over their valuable data assets,” he said.
“Technologies like data masking put the control back in the hands of businesses by allowing them to flexibly establish parameters that protect against data breaches in the first place,” Dunleavy added.
The study into the figures was carried out by Syscap, provider of financial assistance to the education sector. CEO Philip White said: “It’s clear that the ICO is starting to take a much more proactive stance in penalising data lapses, so this is something that business owners need to take very seriously.”
“Businesses need to make sure that the correct safeguards are in place in order to secure their data, or they could be at risk of hefty fines in the near future,” he added.
