Out-Law / Your Daily Need-To-Know

Out-Law News 1 min. read

Spike in number of data protection probes in financial services sector


The Information Commissioner's Office (ICO) looked into nearly three times as many alleged cases of Data Protection Act breaches by UK financial services companies last year than it did in 2013, according to new figures.

In 2014 585 data protection cases in the financial services sector were reported to the ICO, compared to 206 the previous year, according to Egress Software Technologies which obtained the data from the ICO under freedom of information (FOI) laws.

A spokesperson for the ICO told Out-Law.com that the cases included a mix of complaints it received and of self-reported breaches of the DPA by companies and were not exclusively related to alleged breaches of data security requirements under the Act. The spokesperson said the ICO reviewed each case, but that not all were formally investigated nor confirmed as breaches of the DPA.

Egress Software Technologies said the data it obtained revealed that all of the major UK banks and lenders have "reported multiple incidents to the ICO in the last two years".

"It is often not obligatory for an organisation to report data security incidents to the ICO," technology law expert Angus McFadyen of Pinsent Masons, the law firm behind Out-Law.com, said. "In the past, it has mostly been public bodies that have done so. I would be careful about reading into the data that security has worsened within the financial sector. If anything, my experience suggests that, security is taken very seriously by the vast majority of the sector and that increasing governance and transparency has led to an increasing tendency to self-report – if that’s right, it means that the new data is a positive sign." 

Earlier this year online holiday insurance company Staysure.co.uk was fined £175,000 by the ICO after IT security failings enabled hackers to gain access to the personal data of customers.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.