This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

ICO enforcement doubled in last 12 months

Share this article:
ICO enforcement doubled in last 12 months
ICO enforcement doubled in last 12 months

The number of organisations that received monetary penalties issued by the Information Commissioner's Office (ICO) increased by more than 200 per cent in the last 12 months.

According to research by law firm Field Fisher Waterhouse (FFW), 2012 was the most prolific year yet for serious ICO enforcement action, with 25 fines, three enforcement notices, six criminal prosecutions and 31 undertakings issued.

In comparison with 2011, which saw only seven fines, one enforcement notice, five criminal prosecutions and 69 undertakings, FFW said that these findings demonstrate that the ICO is increasingly turning to fines to regulate data security failures and other serious breaches of data protection law.

Technology partner at FFW Stewart Room said: “This analysis provides valuable insights into ICO's enforcement strategy and how it translates into action. The ICO does not hesitate to take serious enforcement action for failures to comply with data protection law, and is becoming a real force to be reckoned with and a driver for change.”

FFW's research analysed the ICO's enforcement actions in 2012 and found that: data security breaches remain the most regulated type of failure, accounting for 88 per cent of all fines; 80 per cent of ICO imposed fines were issued to the public sector; 60 per cent of ICO imposed fines within the public sector were issued to a local authority; while 84 per cent of fines (21) were self-reported.

Its research also found that the most penalties in 2012 were issued in February with 13 issued, while 22 fines were issued for failings on principle seven of the Data Protection Act, which states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

Room said that looking at 2013, he expected the ICO's enforcement activity to continue at this pace or even intensify.

“Although the public sector will remain firmly on the ICO's radar, we can expect the regulator to turn more of its attention to the private sector. This is likely to mean more serious enforcement action but we also expect a greater appetite to challenge enforcement actions,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Apple criticised despite fixing iOS 7 and OS X flaws

Apple criticised despite fixing iOS 7 and OS ...

Apple has been criticised despite correcting various security flaws on iOS 7 and OS X Lion and Mountain, with one such bug allowing hackers to intercept data via an SSL ...

Dual-pronged social media attack vector discovered

Dual-pronged social media attack vector discovered

Symantec researchers have spotted a dual-pronged social media engineering attack.

Major Twitter spam attack 'traced' to fellow social media site

Major Twitter spam attack 'traced' to fellow social ...

Photo-sharing website We Heart may have been hit by a stream hack, after it was cited as the source for thousands of spam messages being sent out on Twitter.