Keywords: personal data, ICO, data breaches, data security

The UK Information Commissioner's Office (ICO) has recently released figures, published by the BBC, which reveal that there are now ten times as many personal data security breaches reported to it compared to five years ago, with 821 data breaches reported between 2011 and 2012 but only 79 reports made between 2007 and 2008.

There has been an increase in the number of data breaches reported in all industry sectors apart from in the telecoms sector, where none were reported between 2011 and 2012 compared to a total of 9 data breaches reported between 2006 and 2011. The National Health Service and local government authorities have reported the greatest number of data breaches, with these lapses being of particular concern to the ICO due to the sensitivity of the types personal data lost.

The ICO has the power to prosecute, require undertakings, conduct investigatory and enforcement actions and impose fines up to a maximum of £500,000 against those organisations that fail to protect personal data.

The Information Commissioner's Annual Report and Financial Statement for 2011 – 2012 suggests that the increase in reporting is the result of recent legal developments and tougher sanctions imposed by the ICO on organisations that fail to keep personal data secure and lose it as a result.

Data breaches are being reported to the ICO more readily since the early detection, notification and subsequent rectification of a data breach can reduce the possibility of the ICO taking significant action against an organisation that has failed to protect its personal data. However, the best way to minimise the possibility of the ICO taking action is to implement its guidance and put effective measures into place to protect and manage personal data within your organisation.

Visit us at mayerbrown.com

Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.

© Copyright 2012. The Mayer Brown Practices. All rights reserved.

This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.