Categories: SecurityWorkspace

ICO Warns Businesses Over Data Protection Audits

The Information Commissioner has warned private businesses that they should be more willing to undergo data protection audits.

The warning comes after the Information Commissioner’s Office (ICO) published figures in its annual report which showed that private companies reported the most data security breaches of any sector in 2010/11.

At the moment UK businesses are under no obligation to tell the ICO if they have suffered a data breach. Instead the ICO operates a voluntary scheme under which serious breaches can be brought to the ICO’s attention.

Breach Disclosure Law

However this may well change after the European Commission said it is working on a law that will legally force companies to notify of any data breach.

Indeed EU justice and rights commissioner Viviane Reding, who was speaking in London recently, confirmed that banks and businesses will be legally obliged under new data protection laws currently being drawn up to warn customers when their personal information is lost or stolen.

The ICO annual report shows that of the 603 data security breaches reported to it in 2010/11, 186 (almost a third) occurred in the private sector. These figures counter the perception that it is the public sector, most notably the NHS, that is responsible for most of the data breaches in the UK.

Only last week the ICO warned the NHS that it must do more to prevent data breaches in future, after reprimanding another five NHS health bodies for breaching the Data Protection Act (DPA).

Badge Of Honour

But the ICO figures show that the private sector must do more, especially as only 19 percent of businesses contacted by the ICO accepted the offer to undergo free data protection audits.

In contrast, 71 percent of public sector organisations who were contacted voluntarily agreed to be audited.

“Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year,” said Information Commissioner, Christopher Graham.

“Despite this, many of them are still resisting our offer to undergo audits,” he said. “We’ve written to organisations we consider to be high risk but the response has been disappointing.”

“These audits are not about naming and shaming those who are getting it wrong,” Graham added. “The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

13 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

15 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

17 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

17 hours ago