Businesses should be more willing to undergo data protection audits, the Information Commissioner, Christopher Graham, said today. The warning comes as figures published in the ICO’s annual report show that private companies reported the most data security breaches of any sector in 2010/11.
A data security breach is an incident that results in the loss, release or corruption of personal data. In the absence of a legal obligation on data controllers to report such breaches, the Information Commissioner operates a voluntary scheme under which serious breaches are brought to his office’s attention.
Figures from the annual report show that of the 603 data security breaches reported to the ICO in 2010/11, 186 – almost a third – occurred in the private sector. Despite this, just 19% of businesses contacted by the ICO accepted the offer to undergo free data protection audits. In contrast, 71% of public sector organisations that were contacted agreed voluntarily to be audited.
[…]
In 2010/11, the Information Commissioner’s Office completed 26 audits, a 60% increase on 2009/10. Following the audits, the ICO found that 92% of its recommendations were being acted upon.
[…]
A full copy of the 2010/11 annual report, including financial statements and a webcast with the Information Commissioner, will be available on the ICO’s website at 2.30pm.
Source: Information Commissioner’s Office
Annual report documents:
- Annual report 2010/11 (pdf)
- Annual report summary 2010/11 (pdf)
- Annual report summary 2010/11 in Welsh (pdf)