July 25, 2011
After the worst period of data security breaches in 12 months, the Information Commissioner’s Office (ICO) has called on UK businesses to be more willing to undergo data protection audits.
Figures from the ICO’s most recent annual report show that of the 603 data security breaches reported to the ICO in 2010/11, almost a third occurred in the private sector. Despite this, just 19% of businesses contacted by the ICO accepted the offer to undergo free data protection audits, compared to 71% in the public sector.
Data security breaches occur whenever an incident leads to the loss, release or corruption of personal data from company systems. Such instances are endemic throughout the UK; however, in the absence of a legal obligation on data controllers to report them, the ICO operates a voluntary scheme under which serious breaches are brought to his office’s attention.
“Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year. Despite this, many of them are still resisting our offer to undergo audits,” said the ICO’s Christopher Graham.
“These audits are not about naming and shaming those who are getting it wrong. The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”