ICO fines 'wake-up call for brands'

The data watchdog could soon turn its sights on brand owners’ data protection record after its major clampdown on councils, which has resulted in six fines totalling £670,000 in the past three months alone.
Following the Information Commissioner’s Office calls for extra powers to carry out on-the-spot raids on private sector firms, the regulator has now submitted a business case to the Government.
Since gaining the power in April 2010 to issue monetary penalties of up to £500,000 for serious data protection failures, local councils have almost exclusively been in the firing line.
In the past three months alone, the ICO has issued six such penalties against local councils, including the highest penalty so far of £140,000 against the Midlothian Council.
In total, eleven monetary penalties have been issued against local councils, compared with just two for non public sector organisations.
The ICO claims the high number of public sector organisations hit with monetary penalties is due to the fact that these organisations typically handle the type of sensitive personal information that, if leaked, would qualify as a serious breach of the Data Protection Act.
“The enforcement department considers all cases on an individual basis and can only look into cases that we are made aware of – either through cases that are reported to us or through other channels, including the media,” the ICO has
said.
But one observer warned: “The public sector is much more accountable – it is difficult to work out what is going on behind the closed doors of private businesses. If the ICO gets his extra audit powers, it will be a real wake-up call for brand owners.”