Lessons need to be learned from the Information Commissioner's Office (ICO) undertakings.
Launching the ICO's 2011/12 annual report, information commissioner Christopher Graham said that organisations are learning "the hard way" about the consequences of mishandling people's information, and others need to learn the lessons from the ICO.
Graham said: “Over the past year the ICO has bared its teeth and has taken effective action to punish organisations, many of which have shown a cavalier attitude to looking after people's personal information.
“This year we have seen some truly shocking examples, with sensitive personal information, including health records and court documents, being lost or misplaced, causing considerable distress to those concerned. This is not acceptable and today's penalty shows just how much information can be lost if organisations don't keep people's details secure.
“We hope these penalties send a clear message to both the public and private sectors that they cannot afford to fail when it comes to handling people's data correctly.”
The annual report showed a decrease of 0.3 per cent in the number of data protection complaints received by the ICO in the year 2011/12, to 12,985 complaints.
Graham said that the ICO's new powers to tackle unsolicited marketing calls and texts have now extended to issuing a monetary penalty of up to £500,000 on the worst offenders.
“We have now set up a dedicated team to enforce the Privacy and Electronic Communication Regulations and we are currently working to identify the operators responsible. The ICO has executed search warrants at a number of sites across the UK linked to companies we believe are breaking the law,” he said.
“We have also set up an online reporting mechanism on our website that allows people to report any marketing texts or calls from unidentified senders. We have received over 12,000 reports to date and we are confident that this work will help us identify those responsible.”
Figures from the annual report show a 60 per cent increase in the number of audits carried out by the ICO good practice team. It said that of the 42 organisations audited, 90 per cent felt that the process raised awareness of the importance of data protection in their organisations. The ICO is also extending its audits to cover public authorities' compliance with the Freedom of Information Act and has also introduced advisory visits to help small- and medium-sized organisations.
Speaking at the SC Magazine Total Security Conference in London, Dr Simon Rice, principal policy adviser (technology) at the ICO, said that the 19 monetary penalties issued to businesses were "19 too many" and it was "not something that the office enjoys doing and it does not represent everything that we do".
The report said that the ICO had received over 600 self-reported data protection breaches, leading to it issuing ten civil monetary penalty notices totalling £1,171,000 this year, along with 76 undertakings.