ICO doubles data protection enforcement casework in 2012/13

The Information Commissioner’s Office more than doubled its data protection enforcement casework in 2012/13, it has emerged.

Recently updated statistics showed that the ICO created 1,428 such cases during the period, compared to 712 in 2011/12.

The health sector, with 340 cases, generated the most enforcement work. In recent years the NHS has introduced the routine reporting of all data security breaches to the ICO, covering both minor and more serious cases. Previously only serious breaches would have been reported.

Health was followed by local government (228), education (114) and general business (103).

Other generators of enforcement work were: lenders (57), central government (55), solicitors/barristers (55), charities (41), policing and criminal records (40) and direct marketing (37).

Some 23 monetary penalty notices were served as result of the enforcement work finished in 2012/13. This is thought to be a factor behind the rise in casework, with more organisations self-reporting.

There were also six prosecutions and three enforcement notices. Undertakings were obtained in 16 cases.

The vast majority of investigations (1,170) saw some form of remedial action identified. In 177 investigations, there was insufficient evidence to prosecute.

The ICO finished 1,326 cases in 2012/13, up from 872 the previous year.