Security vendor ViaSat has hit back at claims made at Infosecurity Europe by the deputy information commissioner that its findings were incorrect.
Asked about results from a Freedom of Information (FoI) Act request by ViaSat, deputy information commissioner David Smith said that the reported findings were 'quite inaccurate': while the report said that the figures were from April 2010, he believed them to be from November 2007.
The figures are likely breaches of the Data Protection Act received between 6th April 2010, when monetary penalties were introduced by the Information Commissioner's Office (ICO), and 22nd March 2011. The breakdown, as seen by SC Magazine, showed that 'lenders', local government and health were the largest offenders in that period, with 971 cases reported (lenders with 401, local government with 347 and health with 217).
The FoI Act request asked specifically for information regarding the number of data breaches, while the ICO used the words 'breaches of the Data Protection Act' and not data compliance issues.
Chris McIntosh, CEO of ViaSat UK, said: “First of all I am disappointed in the response of the ICO today. The figure of 2,565 was given to us by the ICO in direct response to a FoI request on the number of data breaches reported since 6th April 2010 and was treated in good faith. Subsequently the ICO has made comment that this figure was inaccurate.
“If it was, this was down to miscommunication from the ICO. Our request was clear in that we wanted information on the number of data breaches. Even if you look at the revised figures the ICO has released it is still clear that monetary penalties have been enforced in less than one per cent of the data losses it has dealt with. Of those, none have come near the maximum and so far the penalties, as with the ICO's actions and undertakings as a whole, have focused on the public sector whilst leaving the private sector relatively unscathed.
“The ICO is fond of saying that 'you have to be selective to be effective' but by being too selective all that happens is that organisations, especially in the private sector, can begin to view the threat of a penalty or an undertaking as something that is so unlikely as to be beneath notice. For example, organisations could easily look at the £60,000 penalty meted out to A4e, its size compared to the company's £145 million turnover, its rarity and the fact that A4e is still receiving plenty of business, from the government no less, and feel that the risk of ICO action is one they are prepared to take.
“The ICO is right to push for more powers and we fervently hope it can get them. However, it would be nice to see those it has exercised a little more.”