Over a third of all reported data breaches in the UK are committed by private sector organisations, yet they account for less than one percent of the resulting fines.
The figures, requested by satellite system-maker Viasat, were released by the Information Commissioner’s Office (ICO), which claimed that the discrepancies are due to the strict criteria that must be met before civil monetary penalties can be imposed.
The chief executive of Viasat stated that whilst the ICO should be praised for their policing of data breaches in the public sector, the private sector has “relatively free rein”. Viasat believe that further breaches go unreported by private sector organisations.
In the last year, the private sector accounted for 263 out of a total of 730 data breaches reported to the ICO, with the NHS and local governments making up the majority of the public sector cases.
However, during that period a single £1,000 fine was issued against a private sector firm. In the same period the ICO issued a total of £790,000 in fines to local councils for breaches of personal data.
Amongst this total was a £140,000 fine, the heaviest ever issued by the ICO, handed to Midlothian Council for sending sensitive personal data about children and their carers to the wrong addresses on five occasions during the 12-month period.
Most data breaches involve documents being emailed to the wrong address; the second most common cause is theft of data or hardware.
A statement from the ICO said “Effective regulation is about getting the best result in the public interest. There are several types of enforcement action we can take, all of which help drive compliance with the Data Protection Act. The course we choose will always depend on the circumstances of the individual case”.
Copyright © The Mancunion