The Information Commissioner’s Office (ICO) has admitted that an increase in major breaches has led to an increase in amount of work had to be done during the year.
Speaking at the launch of the 2013/2014 report in London, deputy chief executive officer Simon Entwisle said that despite that, there had been an 8.5 per cent in the number of cases cleared in data protection cases as it worked with different organisations in different sectors on how to improve complaints on subject access requests.
“Whenever we see anything we take it up more and more with organisations concerned,” he said. “It is about what we have done with organisations to improve or do things better in the future.”
He also admitted that the Heartbleed bug has caused a lot of concern for the general public, and it counted the number of calls it received and put an FAQ section on the website so it could reduce the amount of time spent on queries.
In total, the ICO completed 63 audits including its first PECR (privacy and electronic communications regulations) audits, which was an increase, but he said that there would be a benefit to audit without notification. In total, there were 1,587 self reported breaches, which resulted in nine non-notification prosecutions, 11 enforcement notices and 19 monetary penalties totalling £2 million.
He said: “Businesses need to keep up to date with security as it is not enough to say “we had some measures in place”, they need to be right measures.”
The ICO report revealed that it received 259,903 calls to its helpline. Entwisle said: “The vast majority of callers do not know what they want and one way to deal with it is to push them to a website, but we appreciate some do not have access to websites and don’t have that avenue, and we are proud of our helpline staff and consumer satisfaction.”
Information commissioner Christopher Graham, said: “I feel we are doing a good job of helping organisations understand and receive fair and efficient response, if businesses can assert their information rights and understand changes. To deliver this, the UK needs an efficient ICO well prepared for the future.”
David Smith, deputy commissioner and director of data protection, said: “It’s about driving a better data protection practice without our intervention, without our day to day involvement. Brussels is driving better standards in technology and how technology is applied.”
Charles Sweeney, CEO, Bloxx, said: “More than ever the public are concerned about how the data they entrust organisations with is protected and managed. In the last year there have been no end of examples where people have felt that companies and the Government have failed to live up to expectations.
“The issue here is trust. People no longer trust organisations to handle their data with the care it deserves. So whilst there is the need for the ICO to act as some kind of data guardian, there is a much bigger issue at play here. How can companies win back the trust of the public and demonstrate that they way they protect and manage data doesn’t just meet expectations, but exceeds them? With data now fuelling the global economy one thing is for sure, companies best figure out the answer pretty quickly.”
Stephen Midgley, VP of global marketing at Absolute Software, said: “It’s hardly surprising to see a rise in data protection cases in this year’s ICO report. Part of the reason is that companies are increasingly forgetting the ‘human factor’ of data breaches, focussing more on external ones like hack
ing. But in reality, the employee is often the weakest link in a business’s data security policy – our research shows that 23 per cent don’t even think corporate data is their responsibility.”