This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

ICO enforcement doubled in last 12 months

Share this article:
ICO enforcement doubled in last 12 months
ICO enforcement doubled in last 12 months

The number of organisations that received monetary penalties issued by the Information Commissioner's Office (ICO) increased by more than 200 per cent in the last 12 months.

According to research by law firm Field Fisher Waterhouse (FFW), 2012 was the most prolific year yet for serious ICO enforcement action, with 25 fines, three enforcement notices, six criminal prosecutions and 31 undertakings issued.

In comparison with 2011, which saw only seven fines, one enforcement notice, five criminal prosecutions and 69 undertakings, FFW said that these findings demonstrate that the ICO is increasingly turning to fines to regulate data security failures and other serious breaches of data protection law.

Technology partner at FFW Stewart Room said: “This analysis provides valuable insights into ICO's enforcement strategy and how it translates into action. The ICO does not hesitate to take serious enforcement action for failures to comply with data protection law, and is becoming a real force to be reckoned with and a driver for change.”

FFW's research analysed the ICO's enforcement actions in 2012 and found that: data security breaches remain the most regulated type of failure, accounting for 88 per cent of all fines; 80 per cent of ICO imposed fines were issued to the public sector; 60 per cent of ICO imposed fines within the public sector were issued to a local authority; while 84 per cent of fines (21) were self-reported.

Its research also found that the most penalties in 2012 were issued in February with 13 issued, while 22 fines were issued for failings on principle seven of the Data Protection Act, which states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

Room said that looking at 2013, he expected the ICO's enforcement activity to continue at this pace or even intensify.

“Although the public sector will remain firmly on the ICO's radar, we can expect the regulator to turn more of its attention to the private sector. This is likely to mean more serious enforcement action but we also expect a greater appetite to challenge enforcement actions,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...

Cyber security still a learning curve for most companies

Cyber security still a learning curve for most ...

Poor network visibility, outdated security tools, a skills shortage and a lack of control in the cloud are just some of the reasons companies are struggling with cyber-security, say two ...

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...