The Information Commissioner has warned private businesses that they should be more willing to undergo data protection audits.
The warning comes after the Information Commissioner’s Office (ICO) published figures in its annual report which showed that private companies reported the most data security breaches of any sector in 2010/11.
At the moment UK businesses are under no obligation to tell the ICO if they have suffered a data breach. Instead the ICO operates a voluntary scheme under which serious breaches can be brought to the ICO’s attention.
However this may well change after the European Commission said it is working on a law that will legally force companies to notify of any data breach.
Indeed EU justice and rights commissioner Viviane Reding, who was speaking in London recently, confirmed that banks and businesses will be legally obliged under new data protection laws currently being drawn up to warn customers when their personal information is lost or stolen.
The ICO annual report shows that of the 603 data security breaches reported to it in 2010/11, 186 (almost a third) occurred in the private sector. These figures counter the perception that it is the public sector, most notably the NHS, that is responsible for most of the data breaches in the UK.
Only last week the ICO warned the NHS that it must do more to prevent data breaches in future, after reprimanding another five NHS health bodies for breaching the Data Protection Act (DPA).
But the ICO figures show that the private sector must do more, especially as only 19 percent of businesses contacted by the ICO accepted the offer to undergo free data protection audits.
In contrast, 71 percent of public sector organisations who were contacted voluntarily agreed to be audited.
“Despite this, many of them are still resisting our offer to undergo audits,” he said. “We’ve written to organisations we consider to be high risk but the response has been disappointing.”
“These audits are not about naming and shaming those who are getting it wrong,” Graham added. “The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”
Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…
Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…
OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…
New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…
US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…
Apple posts slight decline in China sales for fourth quarter, as Tim Cook negotiates to…