A fine issued by the data watchdog against a single company sends shock-waves through all companies operating in the same sector, forcing them to sit up, take notice, and review their own data protection policies and practices.
That is one of the key findings of a survey commissioned by the Information Commissioner’s Office, which shows data protection fines act as a “useful deterrent” to others.
Senior managers at nearly 60% of other organisations become more interested in data protection as a result of hearing about fines issued to other organisations, while 47% of respondents said that news of a data protection fine prompted them to introduce new data protection training for staff, the study showed.
More than a quarter of organisations also conduct internal audits after hearing about others’ data protection fines.
“The findings indicate that the positive impact on data protection compliance [achieved by issuing organisations with civil monetary penalties for data protection compliance failings] was extended to peer organisations, where [fines] were viewed as an incentive for them to get it right first time,” the ICO’s report said.
“The majority reported that there was greater senior management buy-in; just under half said they had reviewed or changed their data protection practices and policies as a result of hearing about CMPs, and some increased training and initiated internal audits.”
The ICO has the power to issue organisations with fines of up to £500,000 for serious breaches of the Data Protection Act.