Logo

Information Commissioner fires data warning as fines break £2m

The Information Commissioner has warned organisations to “wake up and smell the CMP” (civil monetary penalty) after revealing that more than £2m in fines have been imposed for breaches of data protection laws.

Consumer lender Welcome Financial Services has become the latest body to be served with a penalty, ordered to pay £150,000 after its Shopacheck business lost back-up tapes containing information on its customers.

The amount is the highest so far imposed on a private sector organisation. The record fine of £325,000 was served on Brighton and Sussex University Hospitals Trust after hard drives containing patient data were sold on an internet auction site.

Publishing the annual report for the Information Commissioner’s Office today, Christopher Graham claimed that the organisation had “bared its teeth” in 2011/12.

The ICO was given enhanced powers to fine organisations in breach in April 2010. It has now issued 21 CMPs, the vast majority of which have come in the public sector and local government in particular.

The report revealed that the number of data protection complaints received by the watchdog had remained pretty steady in the last twelve months at 12,985, down just 0.3% on the previous year.

The five areas generating the most data protection complaints were: lenders (15%); general business (11%); local government (11%); health (10%); and central government (6%).

In a third of cases (31%) an assessment was made and compliance considered to be unlikely.

The main reason for complaining was subject access (45%), followed by disclosure of data (17%) and inaccurate data (17%).

On the freedom of information and environmental information front, the ICO reported a 7.7% rise in complaints to 4,633.

In a quarter of the 1,131 cases (27%) where a decision notice was served, the complaint was upheld. It was partially upheld in a further 23% of cases, and not upheld in the other 50%.

The local government sector accounted for 43% of FOI complaints, compared to 24% for central government, 11% for health, 8% for education and 7% for police and criminal justice.

The main growth in the watchdog’s workload related to complaints under the Privacy and Electronic Communication Regulations (PECR) – which govern electronic marketing - with 7,095 complaints received, up 43%.

Christopher Graham said: “Over the past year the ICO has bared its teeth and has taken effective action to punish organisations many of which have shown a cavalier attitude to looking after people’s personal information.

“This year we have seen some truly shocking examples, with sensitive personal information, including health records and court documents, being lost or misplaced, causing considerable distress to those concerned. This is not acceptable and today’s penalty shows just how much information can be lost if organisations don’t keep people’s details secure.

“We hope these penalties send a clear message to both the public and private sectors that they cannot afford to fail when it comes to handling people’s data correctly. It’s a case of ‘wake up and smell the CMP.”

On the issue of unsolicited marketing, Graham said the ICO had set up a dedicated team to enforce the PECR and was currently working to identify the operators responsible. It has also executed search warrants at a number of sites across the UK linked to companies it believes are breaking the law.

In his foreword to the report, the Information Commissioner said the organisation was closely engaged with both the proposals from the European Commission for a revision of the legal framework for data protection in the EU and the post-legislative scrutiny of the Freedom of Information Act by the House of Commons Justice Committee.

Graham wrote: “Our aim is to safeguard citizens’ complementary rights to information and to privacy. We can leave the campaigning to others, but we shall contribute our detailed and increasingly expert perspective to ensure that the framework that emerges delivers real, and not just theoretical, benefits for consumers and citizens.”

A copy of the 2011/12 ICO Annual Report is available here.

Philip Hoult

(c) HB Editorial Services Ltd 2009-2022