Facebook whistleblower tip of iceberg, ICO data shows

cold calls 1Facebook whistleblower Frances Haugen is far from alone in exposing potentially illegal data practices of her employer, with the UK’s Information Commissioner’s Office now receiving hundreds of complaints a year from staff wanting to blow the gaffe on their own companies.

While few could match Haugen’s explosive testimony or reach – she has appeared before British MPs and peers, MEPs in Brussels as well as a US Senate inquiry – the ICO confirmed it has been informed of 309 instances of data breaches over alleged failure to protect information.

According to an analysis by law firm RPC, between April 1 2020 and March 31 2021 there were more than 60 reports from healthcare, education and childcare, while general business saw just under 50, finance and insurance nearly 20, and local government 18.

The ICO website reveals that, while 240 of the 309 disclosures resulted in no further action taken at that time, 69 of these disclosures were taken further.

While the regulator does not give exact details of each case – or how they have panned out – it shows that they did result in 82 referrals to various departments overall; 11 disclosures resulted in referrals to two departments; one disclosure resulted in referral to three departments.

Of those, 44 disclosures were taken into consideration for the ICO investigations team.

In addition, 13 disclosures were referred to Advice Services and the Personal Data Breach Team, including providing advice to the whistleblower and where it would be more appropriate for the matter to be raised as a complaint.

Meanwhile, five disclosures were considered for non-payment of the data protection fee; three disclosures were referred to other departments for various actions; 16 disclosures were considered for tactical and strategic assessment and one disclosure was referred to an external agency.

RPC partner Richard Breavington said: “Some employees feel so strongly about how data is being treated in the workplace that they are anonymously reporting to the ICO. They will also know that the ICO has the powers to levy a potentially significant fine on that employer.”

Related stories
ICO slated for ‘industrial scale’ internal data cock-ups
For Meta or worse? Facebook reveals major rebrand
CCTV footage of Hancock snog fuels data breach probe
Where’s Wylie? H&M faces Nuremberg data leak trial
H&M hands role to Cambridge Analytica whistleblower