UK data breach fines top £2.5m

Fines for data breaches in the UK have more than tripled in value during the past year – with private sector firms facing increased sanctions – according to a Freedom of Information request.
ViaSat UK obtained a breakdown of reported breaches and monetary penalties issued by the Information Commissioner’s Office between March 8 2012 and March 8 2013. It finds that breaches reported have grown from 730 in the preceding 12 months to 1,150 in the latest period. During the same period, fines levied have grown from £791,000 (nine separate penalties) to £2,610,000 (20 separate penalties).
“It is clear that the ICO is standing by its promise to use both the carrot and the stick when enforcing the Data Protection Act,” said ViaSat UK chief executive Chris McIntosh. “Not only has the number of monetary penalties increased year-on-year, but they have grown in size and been implemented across both the public and private sectors.”
In the 2011 period, eight of the nine penalties were levied against public sector organizations (£790,000 out of the total £791,000). During the 2012 period, 16 out of 20 penalties were on the public sector (£2,090,000 out of the total £2,610,000). This shows an increasing willingness to take action against the private sector – but public sector penalties still dominate.
The largest fine in the private sector was issued to Sony, which was slapped with a £250,000 penalty for the 2011 breach of the PlayStation Network. However, the figures do not include the £440,000 fine levied in November last year against two directors of a firm which sent spam texts, because it was not for a data breach.
In the public sector, eight penalties were levied against local councils (a total of £845,000), and six penalties against NHS bodies (a total of £945,000). Most of the penalties were for simple human error – especially sending or sharing information inappropriately.
McIntosh added: “What is clear from these findings is that the human factor is still the primary cause behind data breaches. However, this doesn’t mean that organisations can assume their other defences are now airtight: a truly secure system means taking into account every single way that data could be lost or misused, from encrypting devices to making sure employees know how to use email, as well as how they interact with one another.”
