This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

ICO enforcement doubled in last 12 months

Share this article:
ICO enforcement doubled in last 12 months
ICO enforcement doubled in last 12 months

The number of organisations that received monetary penalties issued by the Information Commissioner's Office (ICO) increased by more than 200 per cent in the last 12 months.

According to research by law firm Field Fisher Waterhouse (FFW), 2012 was the most prolific year yet for serious ICO enforcement action, with 25 fines, three enforcement notices, six criminal prosecutions and 31 undertakings issued.

In comparison with 2011, which saw only seven fines, one enforcement notice, five criminal prosecutions and 69 undertakings, FFW said that these findings demonstrate that the ICO is increasingly turning to fines to regulate data security failures and other serious breaches of data protection law.

Technology partner at FFW Stewart Room said: “This analysis provides valuable insights into ICO's enforcement strategy and how it translates into action. The ICO does not hesitate to take serious enforcement action for failures to comply with data protection law, and is becoming a real force to be reckoned with and a driver for change.”

FFW's research analysed the ICO's enforcement actions in 2012 and found that: data security breaches remain the most regulated type of failure, accounting for 88 per cent of all fines; 80 per cent of ICO imposed fines were issued to the public sector; 60 per cent of ICO imposed fines within the public sector were issued to a local authority; while 84 per cent of fines (21) were self-reported.

Its research also found that the most penalties in 2012 were issued in February with 13 issued, while 22 fines were issued for failings on principle seven of the Data Protection Act, which states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

Room said that looking at 2013, he expected the ICO's enforcement activity to continue at this pace or even intensify.

“Although the public sector will remain firmly on the ICO's radar, we can expect the regulator to turn more of its attention to the private sector. This is likely to mean more serious enforcement action but we also expect a greater appetite to challenge enforcement actions,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

New Androids will encrypt your data just like iPhones

New Androids will encrypt your data just like ...

Google has promised that the next generation of Android phones will automatically encrypt data - preventing police and other agencies snooping on their users.

Russian cyber attack exploits Scottish independence vote

Russian cyber attack exploits Scottish independence vote

UK oil firms warned to guard against new campaign as Russian malware exploits Scottish independende vote.

Card and banking fraud back on the rise again

Card and banking fraud back on the rise ...

Banking and card fraud back on the rise again says the FFA UK as crime increasingly moves online.