This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Information commissioner says it is time to "wake up and smell the monetary penalty"

Share this article:
Two county councils fined by ICO over 'serious email errors'
Two county councils fined by ICO over 'serious email errors'

Lessons need to be learned from the Information Commissioner's Office (ICO) undertakings.

As it launches its 2011/12 annual report, information commissioner Christopher Graham said that organisations are learning "the hard way" about the consequences of mishandling people's information, and others need to learn the lessons from the ICO.

Graham said: “Over the past year the ICO has bared its teeth and has taken effective action to punish organisations many of which have shown a cavalier attitude to looking after people's personal information.

“This year we have seen some truly shocking examples, with sensitive personal information, including health records and court documents, being lost or misplaced, causing considerable distress to those concerned. This is not acceptable and today's penalty shows just how much information can be lost if organisations don't keep people's details secure.

“We hope these penalties send a clear message to both the public and private sectors that they cannot afford to fail when it comes to handling people's data correctly.”

The annual report showed that there had been a decrease by 0.3 per cent in the number of data protection complaints received by the ICO in the year 2011/12, to 12,985 complaints.

Graham said that its new powers to tackle unsolicited marketing calls and texts have now extended to issuing a monetary penalty of up to £500,000 on the worst offenders.

“We have now set up a dedicated team to enforce the Privacy and Electronic Communication Regulations and we are currently working to identify the operators responsible. The ICO has executed search warrants at a number of sites across the UK linked to companies we believe are breaking the law,” he said.

“We have also set up an online reporting mechanism on our website that allows people to report any marketing texts or calls from unidentified senders. We have received over 12,000 reports to date and we are confident that this work will help us identify those responsible.”

Figures from the annual report show a 60 per cent increase in the number of audits carried out by the ICO good practice team. It said that of the 42 organisations audited, 90 per cent felt that the process raised awareness of the importance of data protection in their organisations. The ICO is also extending its audits to cover public authorities' compliance with the Freedom of Information Act and has also introduced advisory visits to help small- and medium-sized organisations.

Speaking at the SC Magazine Total Security Conference in London, Dr Simon Rice, principal policy adviser (technology) at the ICO, said that the 19 monetary penalties issued to businesses was "19 too many" and it was "not something that the office enjoys doing and it does not represent everything that we do".

The report said that the ICO had received over 600 self-reported data protection breaches, leading to it issuing ten civil monetary penalty notices totalling £1,171,000 in this year, along with 76 undertakings.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

Google and Facebook offer free cyber-security tools

Google and Facebook offer free cyber-security tools

Google and Facebook have both launched free open-source cyber-security tools this week, designed to help security professionals spot malware and cyber-attacks.

Mixed results for key Government cyber-initiatives

Mixed results for key Government cyber-initiatives

The Government's Verify scheme to confirm IDs is behind scheuduled uptake, but its CISP threat intelligence sharing scheme is ahead of target.

Hundreds of companies face 2,000 cyber-attacks in EU exercise

Hundreds of companies face 2,000 cyber-attacks in EU ...

The European Network and Information Security Agency (ENISA) conducted a 24-hour cyber-exercise in which more than 200 organisations from 25 EU member states faced virtual cyber-attacks from white hat hackers ...