Following the publication of the Information Commissioner’s Office (ICO) Annual Report it is revealed that the highest number of data security breaches in any sector was that of the private sector in 2010/11. Out of a total number of reported breaches (608) nearly a third were from the private sector (186). The disappointing fact behind this though, is that of the 186 breaches reported only 19% (37) accepted the ICO offer to undergo a free data protection audit compared to 71% of public administrations!
The report further shows that the number of audits completed by the ICO did increase from 2009/10 by 60% with 26 audits being completed in 2010/11. To support their claims that these audits are necessary, the ICO reported that of these 26 audits, those audited had taken on board and incorporated 92% of the recommendations made. This shows that there is more interest in ‘getting it right’ now that the ICO has increased powers to issue financial penalties.
Talking about this, the Information Commissioner, Christopher Graham said: “Lenders, general businesses and direct marketing companies account for almost a
third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year. Despite this, many of them are still resisting our offer to undergo audits. We’ve written to organisations we consider to be high risk but the response has been disappointing.
These audits are not about naming and shaming those who are getting it wrong. The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”
Another new initiative started by the ICO is a monitor to support the public authorities who have had problems in acheiving the 40 day turnaround on data subject access requests. This has also proved to be another successful initiative with over 50% of the 33 authorities monitored improving their response times and a further seven starting to put action plans together to improve their processes.
It is good to see the positiveness of the ICO coming through with the hand of the Information Commissioner, Christpoher Graham, obviously having a a driving force for change. Gone are the days of fear where bodies did not like to tell the ICO about breaches and problems they had, instead it is a culture of acceptance and a guiding through the problem to achieve a success that the ICO is now developing.