Out-Law News

Self-reporting of data breaches in the UK on the rise, where risk of fine is below 1%


Organisations face being fined in less than 1% of data breach cases self-reported to the UK's data protection watchdog, according to new figures.

The Information Commissioner's Office (ICO) reported a 31.5% increase in the number of data breach incidents reported to it by organisations in 2016/17.

In total, the ICO was notified of 2,565 data breaches by the organisations affected, up from 1,950 the previous year. The ICO sought to impose a civil monetary penalty notice in 17 of the cases concluded last year. Organisations that self-reported were not required to take any action in 1,680 of the cases.

According to the figures published by the ICO, health bodies were responsible for 41% of all data breaches self-reported to the watchdog last year.

Telecoms companies were also responsible for a greater volume of cases of self-reported data breaches last year. Those businesses are obliged, under e-Privacy regulations, to self-report such cases to the ICO. The watchdog said it received 1,005 notifications of breaches by the telecoms providers last year, compared to 613 in 2015/16.

Organisations of all types will be under a new legal duty to notify data protection authorities of certain data breaches they experience under the EU's General Data Protection Regulation (GDPR), which will apply from 25 May 2018.

The ICO also revealed that the number of data protection concerns raised by the public rose to 18,354 in 2016/17, up from 16,388 the previous year. The biggest proportion of concerns raised (42%) related to individuals' rights to access their personal data held by organisations, while 17% of cases concerned the disclosure of data.

The watchdog's statistics revealed a rise in the number and proportion of data protection concerns raised by the public that concern the use of data and fair processing.

There was also a near-5% increase in the number of complaints lodged with the ICO regarding the handling of freedom of information (FOI) requests by public bodies last year, the ICO said. There were 5,433 such complaints raised in 2016/17, up from 5,181 the previous year, it said.

Simon Entwisle, deputy information commissioner, said: “We have advised and educated organisations to help them work within the law and we have taken action when they’ve fallen short of the mark. People will continue to be at the heart of what we do as we look to the future.”

“The new General Data Protection Regulation will give people greater control over their own data and we are working closely with organisations to help them understand their obligations and be ready for the new rules,” he said.
