This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

ICO enforcement doubled in last 12 months

Share this article:
ICO enforcement doubled in last 12 months
ICO enforcement doubled in last 12 months

The number of organisations that received monetary penalties issued by the Information Commissioner's Office (ICO) increased by more than 200 per cent in the last 12 months.

According to research by law firm Field Fisher Waterhouse (FFW), 2012 was the most prolific year yet for serious ICO enforcement action, with 25 fines, three enforcement notices, six criminal prosecutions and 31 undertakings issued.

In comparison with 2011, which saw only seven fines, one enforcement notice, five criminal prosecutions and 69 undertakings, FFW said that these findings demonstrate that the ICO is increasingly turning to fines to regulate data security failures and other serious breaches of data protection law.

Technology partner at FFW Stewart Room said: “This analysis provides valuable insights into ICO's enforcement strategy and how it translates into action. The ICO does not hesitate to take serious enforcement action for failures to comply with data protection law, and is becoming a real force to be reckoned with and a driver for change.”

FFW's research analysed the ICO's enforcement actions in 2012 and found that: data security breaches remain the most regulated type of failure, accounting for 88 per cent of all fines; 80 per cent of ICO imposed fines were issued to the public sector; 60 per cent of ICO imposed fines within the public sector were issued to a local authority; while 84 per cent of fines (21) were self-reported.

Its research also found that the most penalties in 2012 were issued in February with 13 issued, while 22 fines were issued for failings on principle seven of the Data Protection Act, which states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

Room said that looking at 2013, he expected the ICO's enforcement activity to continue at this pace or even intensify.

“Although the public sector will remain firmly on the ICO's radar, we can expect the regulator to turn more of its attention to the private sector. This is likely to mean more serious enforcement action but we also expect a greater appetite to challenge enforcement actions,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

NCA wants security pros to become cybercrime fighters

NCA wants security pros to become cybercrime fighters

The UK's National Crime Agency is on the hunt for cyber security professionals to "join the fight against some of the world's most significant cyber criminals" on salaries ranging from ...

GCHQ head says agency was 'never involved in mass surveillance'

GCHQ head says agency was 'never involved in ...

Sir Iain Lobban says GCHQ staff "are normal decent human beings who watch EastEnders and Spooks".

Apple Mac OS criticised for sending search results to third parties

Apple Mac OS criticised for sending search results ...

Apple is under pressure to make changes to the Spotlight feature on the new Mac OS X Yosemite 10.10, which tracks location and sends data back to the firm and ...