6 September 2012
The UK Information Commissioner's Office (ICO) has recently released figures, published by the BBC, which reveal that there are now ten times as many personal data security breaches reported to it compared to five years ago, with 821 data breaches reported between 2011 and 2012 but only 79 reports made between 2007 and 2008.
There has been an increase in the number of data breaches reported in all industry sectors apart from in the telecoms sector, where none were reported between 2011 and 2012 compared to a total of 9 data breaches reported between 2006 and 2011. The National Health Service and local government authorities have reported the greatest number of data breaches, with these lapses being of particular concern to the ICO due to the sensitivity of the types personal data lost.
The ICO has the power to prosecute, require undertakings, conduct investigatory and enforcement actions and impose fines up to a maximum of £500,000 against those organisations that fail to protect personal data.
The Information Commissioner's Annual Report and Financial Statement for 2011 – 2012 suggests that the increase in reporting is the result of recent legal developments and tougher sanctions imposed by the ICO on organisations that fail to keep personal data secure and lose it as a result.
Data breaches are being reported to the ICO more readily since the early detection, notification and subsequent rectification of a data breach can reduce the possibility of the ICO taking significant action against an organisation that has failed to protect its personal data. However, the best way to minimise the possibility of the ICO taking action is to implement its guidance and put effective measures into place to protect and manage personal data within your organisation.