The number of organisations that received monetary penalties issued by the Information Commissioner's Office (ICO) increased by more than 200 per cent in the last 12 months.
According to research by law firm Field Fisher Waterhouse (FFW), 2012 was the most prolific year yet for serious ICO enforcement action, with 25 fines, three enforcement notices, six criminal prosecutions and 31 undertakings issued.
In comparison with 2011, which saw only seven fines, one enforcement notice, five criminal prosecutions and 69 undertakings, FFW said that these findings demonstrate that the ICO is increasingly turning to fines to regulate data security failures and other serious breaches of data protection law.
Technology partner at FFW Stewart Room said: “This analysis provides valuable insights into ICO's enforcement strategy and how it translates into action. The ICO does not hesitate to take serious enforcement action for failures to comply with data protection law, and is becoming a real force to be reckoned with and a driver for change.”
FFW's research analysed the ICO's enforcement actions in 2012 and found that: data security breaches remain the most regulated type of failure, accounting for 88 per cent of all fines; 80 per cent of ICO imposed fines were issued to the public sector; 60 per cent of ICO imposed fines within the public sector were issued to a local authority; while 84 per cent of fines (21) were self-reported.
Its research also found that the most penalties in 2012 were issued in February with 13 issued, while 22 fines were issued for failings on principle seven of the Data Protection Act, which states: “Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”
Room said that looking at 2013, he expected the ICO's enforcement activity to continue at this pace or even intensify.
“Although the public sector will remain firmly on the ICO's radar, we can expect the regulator to turn more of its attention to the private sector. This is likely to mean more serious enforcement action but we also expect a greater appetite to challenge enforcement actions,” he said.