
ICO Warns Businesses Over Data Protection Audits

The Information Commissioner has warned private businesses that they should be more willing to undergo data protection audits.

The warning comes after the Information Commissioner’s Office (ICO) published figures in its annual report which showed that private companies reported the most data security breaches of any sector in 2010/11.

At the moment, UK businesses are under no obligation to tell the ICO if they have suffered a data breach. Instead, the ICO operates a voluntary scheme under which serious breaches can be brought to its attention.

Breach Disclosure Law

However, this may well change after the European Commission said it is working on a law that will legally force companies to give notification of any data breach.

Indeed, EU justice and rights commissioner Viviane Reding, who was speaking in London recently, confirmed that banks and businesses will be legally obliged, under new data protection laws currently being drawn up, to warn customers when their personal information is lost or stolen.

The ICO annual report shows that of the 603 data security breaches reported to it in 2010/11, 186 (almost a third) occurred in the private sector. These figures counter the perception that it is the public sector, most notably the NHS, that is responsible for most of the data breaches in the UK.

Only last week the ICO warned the NHS that it must do more to prevent data breaches in future, after reprimanding another five NHS health bodies for breaching the Data Protection Act (DPA).

Badge Of Honour

But the ICO figures show that the private sector must do more, especially as only 19 percent of businesses contacted by the ICO accepted the offer to undergo free data protection audits.

In contrast, 71 percent of public sector organisations who were contacted voluntarily agreed to be audited.

“Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year,” said Information Commissioner, Christopher Graham.

“Despite this, many of them are still resisting our offer to undergo audits,” he said. “We’ve written to organisations we consider to be high risk but the response has been disappointing.”

“These audits are not about naming and shaming those who are getting it wrong,” Graham added. “The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
