This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

ICO fines against self-reported breaches increased by two-thirds last year

Share this article:

The number of self-reported data breaches to the Information Commissioner's Office increased from 730 to 1,150 in the space of a year.

According to a Freedom of Information Act request by ViaSat, there were 730 self-reported breaches between March 2011 and February 2012, and 1,150 in the same months during 2012 to 2013.

Chris McIntosh, CEO of ViaSat UK, said: “Those of us concerned about the state of data protection in the UK can take some comfort from these figures. First is the fact that more data breaches are being reported; while this may mean an increase in the number of breaches, it also suggests that such breaches are being more readily identified and reported, rather than left unreported where the issues causing them will fester, unresolved.

“Second, it is clear that the ICO is standing by its promise to use both the carrot and the stick when enforcing the Data Protection Act. Not only has the number of monetary penalties increased year-on-year, but they have grown in size and been implemented across both the public and private sectors."

Also, over the same periods, the number of monetary penalties imposed on organisations for poor data security massively increased: from nine penalties totalling £791,000 in 2011-2012 to 20 penalties totalling £2,610,000 in 2012-2013, a growth of 230 per cent.

The request found that whilst eight of the nine monetary penalties in 2011-2012 were levied against the public sector - accounting for £790,000 of the £791,000 levied - in 2012-2013 the figure was more even: with four of the 20 penalties levied against the private sector for a total value of £520,000 out of £2,610,000.

In a recent SC Magazine webcast poll, 79 per cent of listeners agreed that if you suffer from a cyber security breach, you must report this to national regulators.

Speaking on that webcast, Stewart Room, partner at Field Fisher Waterhouse, said that this needs guidance and because there was no obligation to disclose to the regulator under the current Data Protection Act policy, it comes down to choice.

“Of 25 fines issued last year, 21 were self-reported while the other four were against those who were found out and if you disclose, you are at risk of being fined, but it doesn't give you an amnesty against fines,” he said.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...