Keywords: personal data, ICO, data breaches, data security
The UK Information Commissioner's Office (ICO) has recently
released figures, published by the BBC, which reveal that there are
now ten times as many personal data security breaches reported to
it compared to five years ago, with 821 data breaches reported
between 2011 and 2012 but only 79 reports made between 2007 and
2008.
There has been an increase in the number of data breaches reported
in all industry sectors apart from in the telecoms sector, where
none were reported between 2011 and 2012 compared to a total of 9
data breaches reported between 2006 and 2011. The National Health
Service and local government authorities have reported the greatest
number of data breaches, with these lapses being of particular
concern to the ICO due to the sensitivity of the types personal
data lost.
The ICO has the power to prosecute, require undertakings, conduct
investigatory and enforcement actions and impose fines up to a
maximum of £500,000 against those organisations that fail to
protect personal data.
The Information Commissioner's Annual Report and Financial
Statement for 2011 – 2012 suggests that the increase in
reporting is the result of recent legal developments and tougher
sanctions imposed by the ICO on organisations that fail to keep
personal data secure and lose it as a result.
Data breaches are being reported to the ICO more readily since the
early detection, notification and subsequent rectification of a
data breach can reduce the possibility of the ICO taking
significant action against an organisation that has failed to
protect its personal data. However, the best way to minimise the
possibility of the ICO taking action is to implement its guidance
and put effective measures into place to protect and manage
personal data within your organisation.
Visit us at mayerbrown.com
Mayer Brown is a global legal services provider comprising legal practices that are separate entities (the "Mayer Brown Practices"). The Mayer Brown Practices are: Mayer Brown LLP and Mayer Brown Europe – Brussels LLP, both limited liability partnerships established in Illinois USA; Mayer Brown International LLP, a limited liability partnership incorporated in England and Wales (authorized and regulated by the Solicitors Regulation Authority and registered in England and Wales number OC 303359); Mayer Brown, a SELAS established in France; Mayer Brown JSM, a Hong Kong partnership and its associated entities in Asia; and Tauil & Chequer Advogados, a Brazilian law partnership with which Mayer Brown is associated. "Mayer Brown" and the Mayer Brown logo are the trademarks of the Mayer Brown Practices in their respective jurisdictions.
© Copyright 2012. The Mayer Brown Practices. All rights reserved.
This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.