The ICO annual report was released last week, with some interesting figures being presented. Below, we refresh our memories with the headline-grabbing stories relating to data protection from the past few years and look at some of the statistics in the report.
Over the past two years, the industry has seen a shocking number of data breaches. A 17-year-old boy recently hacked Talk Talk and gained access to a database containing postal addresses and bank account details of many of Talk Talk’s customers. Meanwhile, other giants like Sage, National Lottery and Tesco also became victims of hacking.
However, a data breach, by definition, is not strictly limited to the hacking of a company’s database. A breach of data relates to any unauthorised access or use of private or personal information. In this regard, we also recently witnessed Flybe and Honda receive financial punishment for misusing their customers’ data – contacting those who had ‘opted out’ to opt in or update their marketing preferences in preparation for the incoming GDPR. The alarming reality is that the examples mentioned above are just a handful of cases.
Interesting Statistics on Data Protection 2016/17
Data protection is a popular topic of discussion at the moment, with it being included in many political agendas, meaning citizens are more vigilant than ever. This is proven by the total number of data protection concerns reported, which increased to 18,300 (up by around 2,000) in 2016/17. The good news, though, is that 90% of these were resolved within 3 months. The overall number of closed cases increased by 10% from 2015/16 to 17,335 in 2016/17 – showing the ICO are acting quickly on these concerns and taking firm action against those who do misuse data.
Tighter regulations on how we handle and use data, combined with the increasing strength of the ICO through harsher punishments, are enabling the ICO to clamp down and make examples of those misusing data. Sixteen monetary penalties for serious data breaches were issued, totalling £1.6 million. The highest of these was, of course, the infamous Talk Talk breach, where a £400,000 fine was issued.
Prosecutions regarding breaches/offences of Section 55 of the DPA, which relates to the unlawful obtaining and use of personal data, have seen a 267% increase. This could be a result of the new regulation that holds both the business and the director accountable for breaches in TPS rules. This is aimed at cutting the ‘head off the snake’ with regard to rogue callers, who typically just set up another business once their previous one has been shut. Just 2 months ago a nuisance-calling company in Dunstable, Bedfordshire was fined a record amount by the ICO of £400,000.
The responsibility that comes with data
The charity scandal of 2015 certainly raised the profile of data protection in the UK. However, it’s reassuring to see more and more organisations are treating personal data with the respect it needs. Despite the obvious risk that comes with a business openly reporting themselves to the ICO when a breach occurs, extending from the ICO themselves to shareholders, the number of self-reported incidents relating to data protection increased by 31.5% to 2,565.
The percentage of cases where action was required increased too, from 18.6% to 26.1%. Despite the initial reaction of ‘there’s an increase in breaches reported!’, this could be a telling sign that businesses are falling in line with the new GDPR, where a business now has just 72 hours to notify of a breach.
These statistics show the ICO are tightening their grip on industry with regard to the improper use of personal data. This would help prepare organisations for the digital world in terms of data security. It shows the ICO are taking positive steps towards removing the rogue traders who give the industry a bad name. However, it brings attention to the importance of compliance with the controversial and highly debated GDPR, now less than a year away.