The UK’s private sector accounted for more than a third of all reported data breaches over 11 months but generated less than 1% of the resulting fines. This information was issued by the Information Commissioner’s Office after a request from satellite system-maker Viasat.
In total, five fines amounting to £790,000 were imposed on the public sector and one fine of £1,000 on a private firm.
The report covered self-reported personal data security breaches for the period between 22nd March 2011 and 17th February 2012. During this time 730 events were noted as being potentially liable to penalty or other action. 263 cases were reported in the private sector, with the remaining 467 being reported by government and other public sector bodies. The reported incidents included:
- 281 incidents in which information had been mistakenly sent via email, documents had been sent to the wrong address, or other similar accidents had occurred
- 170 incidents caused by the theft of data or hardware
- 108 events involving the loss of data or hardware, of which the NHS was responsible for just over a third of cases
- 17 instances in which materials had not been disposed of properly
Of the resolved breaches over the period, six resulted in local councils being fined. The biggest penalty was a fine of £140,000 imposed on Midlothian Council after it repeatedly disclosed personal data about children and their carers to the wrong recipients.
In the private sector the company singled out was ACS: Law. Its data controller was fined £1,000 after failing to prevent a hack attack which resulted in sensitive details of 6,000 people being published on a third-party website. Some of the data published included references to people’s sex lives, health and financial status. The ICO said at the time that it would have imposed a larger £200,000 fine had the firm not ceased trading and its owner not been of limited means.
Although Viasat’s chief executive praised the ICO’s efforts to monitor and police the public sector, they warned that the private sector “still has a relatively free rein”. Chris McIntosh also noted that “while the ICO offers free training and auditing to organisations to help address these issues, so far the private sector in particular has been slow to take them up meaning that further incidents may be waiting to be discovered”.
Since the period detailed in the release, data breaches have continued to occur. Recent examples include the accidental publication of the home and email addresses of 38,000 people who applied to run the London Marathon; loans company Student Finance England sending an email to 8,000 customers which included other recipients’ email addresses; and Scotland Yard sharing email addresses of more than 1,000 victims of crime with other victims.
HW Technology takes great care in ensuring that our clients’ networks are efficient, reliable and secure. We pride ourselves on having a proactive approach towards data security breaches.