The Information Commissioner’s Office has warned businesses that it will pool all the complaints about them it receives from consumers so it can ramp up the punishment it dishes out – including fines of up to £500,000 and even criminal proceedings.
Currently the data protection watchdog deals with complaints on a case by case basis. But by amassing the complaints against individual companies it can to identify which firms repeatedly flout data protection laws, and then issue further sanctions.
Commissioner Christopher Graham explained: “The next phase for us is to make more sophisticated use of all the information we get in from consumer complaints, to
analyse [it].
“Not just to decide whether a breach is likely or unlikely under the Data Protection Act, but to aggregate some of the information we’re getting to spot who are the serial offenders, which would build a case for action on more occasions in the private sector.”
According to the ICO, the watchdog had “responded” to more than 12,000 consumer complaints about data protection issues within the past year, although a full breakdown of how many relate to the private sector will not be known until the ICO’s annual report is published in July.
Last week it was revealed that financial services firms were the most complained about over the past two years, with 2,356 complaints in the two years.
By pooling individual complaints private sector firms could face sanctions from signing ‘undertakings’ to improve their data protection practices to enforcement notices requiring companies to desist from particular practices. Ultimately they could face monetary penalty notices – for which the ICO can levy fines of up to £500,000 – for serious breaches of the Act.
The ICO can also initiate criminal proceedings against individuals who commit offences under the DPA.
A recent report by PricewaterhouseCoopers (PwC) revealed that 45% of large businesses broke data protection laws last year as a result of security breaches. One in five small businesses lost confidential data as a result of a security breach, while only 18% of organisations which breached the laws “had an effective contingency plan in place”.
Related stories
Banks top ‘data hall of shame’
