Companies are being warned to strengthen their internal data protection measures on the back of a new study which shows the data watchdog is coming down harder on miscreants.
According to analysts at Syscap – which works in the education sector – while the majority of fines have been against public bodies, the ICO is also increasingly taking action against private organisations that lose data.
With the Information Commissioner’s Office (ICO) cracking down, small businesses in particular are at risk, as they often lack the appropriate safeguards to properly monitor and track their ICT equipment, researchers say, leaving them more open to fines when data is lost.
The ICO has issued 68 warnings to firms who have allowed private information to be easily accessed in the year up to June. The figure has increased by 2% compared to the previous year, bringing it to 48%.
The watchdog has handed out 15 fines worth £1.8m, having issued just six the year before, which amounted to £431,000.
Syscap chief executive Philip White said: “It’s clear that the ICO is starting to take a much more proactive stance in penalising data lapses, so this is something that business owners need to take very seriously.”
But he stressed that in tough times some businesses have struggled to update their systems to put safeguards in place, leaving them open to data exposure.
He said: “With almost all data now stored electronically, many organisations put safeguards in place to ensure that sensitive data is kept secure.
“Budgets have been stretched since the recession, so upgrading old or out-of-date IT equipment has been put on the back-burner for some time now. This has left some old or redundant systems open to data lapses.”
