The Information Commissioner has warned private businesses that they should be more willing to undergo data protection audits.
The warning comes after the Information Commissioner’s Office (ICO) published figures in its annual report which showed that private companies reported the most data security breaches of any sector in 2010/11.
At the moment UK businesses are under no obligation to tell the ICO if they have suffered a data breach. Instead the ICO operates a voluntary scheme under which serious breaches can be brought to the ICO’s attention.
However this may well change after the European Commission said it is working on a law that will legally force companies to notify of any data breach.
Indeed EU justice and rights commissioner Viviane Reding, who was speaking in London recently, confirmed that banks and businesses will be legally obliged under new data protection laws currently being drawn up to warn customers when their personal information is lost or stolen.
The ICO annual report shows that of the 603 data security breaches reported to it in 2010/11, 186 (almost a third) occurred in the private sector. These figures counter the perception that it is the public sector, most notably the NHS, that is responsible for most of the data breaches in the UK.
Only last week the ICO warned the NHS that it must do more to prevent data breaches in future, after reprimanding another five NHS health bodies for breaching the Data Protection Act (DPA).
But the ICO figures show that the private sector must do more, especially as only 19 percent of businesses contacted by the ICO accepted the offer to undergo free data protection audits.
In contrast, 71 percent of public sector organisations who were contacted voluntarily agreed to be audited.
“Despite this, many of them are still resisting our offer to undergo audits,” he said. “We’ve written to organisations we consider to be high risk but the response has been disappointing.”
“These audits are not about naming and shaming those who are getting it wrong,” Graham added. “The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…