Out-Law News 1 min. read
03 Jun 2015, 1:29 pm
In 2014 585 data protection cases in the financial services sector were reported to the ICO, compared to 206 the previous year, according to Egress Software Technologies which obtained the data from the ICO under freedom of information (FOI) laws.
A spokesperson for the ICO told Out-Law.com that the cases included a mix of complaints it received and of self-reported breaches of the DPA by companies and were not exclusively related to alleged breaches of data security requirements under the Act. The spokesperson said the ICO reviewed each case, but that not all were formally investigated nor confirmed as breaches of the DPA.
Egress Software Technologies said the data it obtained revealed that all of the major UK banks and lenders have "reported multiple incidents to the ICO in the last two years".
"It is often not obligatory for an organisation to report data security incidents to the ICO," technology law expert Angus McFadyen of Pinsent Masons, the law firm behind Out-Law.com, said. "In the past, it has mostly been public bodies that have done so. I would be careful about reading into the data that security has worsened within the financial sector. If anything, my experience suggests that, security is taken very seriously by the vast majority of the sector and that increasing governance and transparency has led to an increasing tendency to self-report – if that’s right, it means that the new data is a positive sign."
Earlier this year online holiday insurance company Staysure.co.uk was fined £175,000 by the ICO after IT security failings enabled hackers to gain access to the personal data of customers.