Out-Law / Your Daily Need-To-Know

Out-Law News 3 min. read

Personal data breaches on the increase in private sector, reports ICO


The number of data breaches in the private sector has risen sharply in the past year even though awareness of data security is higher, the UK's data protection watchdog has said.

The Information Commissioner's Office (ICO) said that the number of data security breaches in the private sector has increased by 58% despite the fact more private sector firms had expressed unprompted awareness of their obligation to keep personal data secure under the Data Protection Act than they did in 2010. 

The watchdog published the findings in a report on a survey it had commissioned of 806 private and public sector organisations, which examined their awareness of their obligations under the Act.

"Almost three quarters (72%) of all organisations spontaneously mentioned their obligation to keep personal information secure; a significant increase of 18% from last year," the ICO said in its survey report.  

"Awareness around processing personal information for limited purposes and not keeping it for longer than necessary have increased by 5% and 8% respectively. This heightened awareness of the obligation to keep personal information secure has been driven by the private sector as 75% (52% in 2010) of large companies and 73% (46% in 2010) of small companies mentioned this responsibility," the ICO said. 

Information Commissioner Christopher Graham said that businesses that do not secure personal data risk damage to their public image as well as a fine of up to £500,000 from the ICO.

"I’m encouraged that the private sector is waking up to its data protection responsibilities, with unprompted awareness of the Act’s principles higher than ever," Graham said. "However, the sector does not seem to be putting its knowledge to good use. The fact is that security breaches in the private sector are on the rise, and public confidence in good information handling is declining."

"Businesses seem to know what they need to do – now they just need to get on with doing it," said Graham. "It’s not just the threat of a £500,000 fine that should provide the incentive. Companies need to consider the damage that can be done to a brand’s reputation when data is not handled properly. Customers will turn away from brands that let them down." 

The ICO's survey also revealed that organisations are generally more aware of the rights of individuals regarding their personal data than they were last year. Under the Act, individuals have certain rights, including the right to access personal data organisations hold about them, the right to correct inaccurate information, and the right to stop unsolicited mail.

In a second survey of 1,241 individuals, fewer than half expressed confidence in how organisations handled and protected their personal data, the ICO said. 

"The data shows that 59% of the UK public lack confidence in the way their personal information is protected and handled," the ICO said in its report.

"Although this is still what would generally be considered to be reasonably high, agreement with the statement has continued to decline from 68% in 2008 to 59% in 2011. Individuals’ belief that organisations handle their information in a fair and proper way has declined by 7% from 56% in 2010 to 49% in 2011. Similarly between 2010 and 2011 there have been decreases in agreement that existing laws and organisational practices provide sufficient protection of your personal information (-12%) and online companies collect and keep your personal details in a secure way (-11%)," the report said. 

"The perception that organisations handle personal information correctly and online information is kept secure was significantly lower among respondents living in Northern Ireland and Wales. Moreover, within these areas agreement was high that individuals have lost control over the way their information is collected and processed," it said. 

The ICO also reported that almost all public authorities are aware that individuals have the right to access their data, but only half of the individuals that responded to its survey agreed that information they wanted to see was made available and accessible by Government and public bodies. 

The Freedom of Information Act and the Freedom of Information (Scotland) Act came into full force on 1 January 2005, giving individuals the right, for the first time, to see information held by Government departments and public bodies, subject to some exceptions. The ICO is responsible for ensuring public authorities comply with freedom of information laws.

"This survey highlights the increasing importance of accountability and transparency, and the public’s right to know," Graham said. 

"Almost all public authorities can see the clear benefits of having freedom of information laws. But more needs to be done to make sure that the right information is being made available since only half of citizens surveyed feel they have easy access to the information they want," he said.
