The Information Commissioner’s Office has suggested it will leave no stone unturned in its fight against those companies which persist in flouting data laws after its latest annual report reveals it has dished out fines totalling £4,788,000 over the past 12 months under the old regime, with GDPR opening up a whole new offensive against the miscreants.
According to the report, which covers the year to March 31, there has been a significant increase in data protection complaints (up 15%), self-reported breaches (up 30%) and Freedom of Information complaints (up 5%). Against this increased demand, the regulator closed more cases than in any other year.
It also received a huge increase in telephone, live chat and written queries from the public and organisations, with new telephone services for small organisations and for self-reported breaches. In the final quarter the ICO had 30,000 more calls than in the previous three months.
When it comes to those found guilty of wrong-doing, the regulator issued the largest number and amount of civil monetary penalties in its history. This included 26 penalties totalling £3.28m for breaches of electronic marketing laws relating to so-called nuisance calls and spam text messages under the Privacy & Electronic Communications Regulations (PECR), along with 10 enforcement notices and the execution of three search warrants.
However, concerns remain over how many of these fines have been avoided by rogue company director simply shutting up shop and starting again under a new business. Following a long campaign, supported by Decision Marketing, the Government is currently consulting over legislation to make directors personally liable for fines of up to £500,000.
The ICO also dished out 11 fines totalling £1.29m for serious security failures under the Data Protection Act 1998, including a record £400,000 fine for TalkTalk and the same penalty for Carphone Warehouse. A further 11 fines were issued to charities, totalling £138,000, for unlawfully processing personal data, including penalties for the British Heart Foundation and the RSPCA, and an £80,000 fine issued to Verso, the first for a major data broker.
A total of 19 criminal prosecutions resulting in 18 convictions – a further six cautions were issued and 11 search warrants were executed.
The regulator also undertook 26 new audits, 24 follow-up audits, 43 information risk reviews and 56 advisory visits with small and medium sized businesses.
However, the past 12 months have not all been about enforcement. The regulator points out that, as well as extensive work helping the public and organisations of all sizes prepare for the GDPR, it provided advice to Government during the passage of the Data Protection Act 2018 through Parliament. The ICO also experienced unprecedented demand for its casework on data protection and freedom of information.
Commissioner Elizabeth Denham said her second year in the role had been “one of increasing activity and challenging actions, some unexpected, for the office”.
Denham added: “This is an important time for privacy rights, with a new legal framework and increased public interest.
“Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online.”
Related stories
Gotcha. Rogue call chiefs to finally face £500,000 fines
Bosses guilty of 2.5m illegal calls hit with six year ban
ICO and DMA back ‘Call Time’ campaign as more go bust
Time to finally hit rogue marketing chiefs where it hurts
Noose tightens on rogue and lax firms as ICO fines soar
Number’s up for Abbott with 12 year directorship ban
Four firms fined £600,000 as ICO bares its teeth again
Data industry braced for knock at door as ICO hits Verso
Carphone Warehouse rocked by £400,000 ICO data fine
Over 170 companies under investigation for rogue calls
ICO ratchets up TPS abuse clampdown with £85k fine
Claims firm hit for £250,000 but is already bust
TalkTalk rocked by record £400k fine for data breach
Double-glazing firm smashed for £50k over TPS breach
New consent warning as firm is rocked by £270,000 fine
Brighton firm behind 46m calls gets £350,000 fine
ICO data abuse probe to trigger fines for 11 charities
24 firms under investigation for charity data failings
BHF and RSPCA were facing fines of £430,000 says ICO