View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 13, 2012

Huge increase in ICO fines for data breaches

Data watchdog is turning up the heat with nearly £2m in fines over last year

By Steve Evans

Data protection watchdog the Information Commissioner’s Office (ICO) has revealed a sharp jump in the number of penalties handed out for breaches of the Data Protection Act.

For the year up to June 30, the ICO issued 68 warnings of one form or another, up 48% from 46 the previous year, the figures revealed.

The ICO has also increased the frequency and amount of fines it has handed out. During the specified time period it handed out 15 fines totalling £1.8m, well up on the six fines totalling £431,000 handed out the previous year.

Over the last year the ICO has taken a much tougher approach to companies breaching the data protection act. In April 2012 it handed down the first financial penalty to an NHS organisation, fining the Aneurin Bevan Health Board (ABHB) £70,000 after a report containing sensitive information about a patient was sent to the wrong person.

It also broke its own record for the largest fine handed out, penalising Midlothian Council a record £140,000 for repeated breaches of the data protection act. The breaches involved the disclosure sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions.

The ICO also fined Brighton and Sussex University Hospitals NHS Trust £375,000 after hard drives containing sensitive patient information were stolen and subsequently sold online. The Trust is appealing the decision and argues that it was the victim of a crime.

In June this year Belfast Health and Social Care Trust was fined £225,000 for a serious breach of the data protection act and the subsequent failure to notify the authorities.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

John Thielens, Axway’s chief security officer, said the increase in action from the ICO is long overdue. "The ICO has finally started to step up to the mark and shown its teeth. After all, what’s the point of being given the power to make a difference for the better if you’re not going to use it?"

Mark Dunleavy, Managing Director at Informatica, added that businesses need to ensure they have robust security procedures in place.

"The ICO is turning up the heat against data breaches. With more warnings and fines issued for data security lapses than ever before, the writing is on the wall for businesses that are failing to keep their data under lock and key. Rather than relying on the ICO’s external deterrents, organisations can bypass this vulnerability altogether by implementing more sophisticated tools to take total control over their valuable data assets," he said.

"Technologies like data masking put the control back in the hands of businesses by allowing them to flexibly establish parameters that protect against data breaches in the first place," Dunleavy added.

The study into the figures was carried out by Syscap, provider of financial assistance to the education sector. CEO Philip White said: "It’s clear that the ICO is starting to take a much more proactive stance in penalising data lapses, so this is something that business owners need to take very seriously."

"Businesses need to make sure that the correct safeguards are in place in order to secure their data, or they could be at risk of hefty fines in the near future," he added.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.