DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

UK: Private sector leads the way on data protection compliance but ‘room for improvement’ elsewhere (update1)

Posted on October 11, 2012 by Dissent

The Information Commissioner’s Office issued a press release today on the results of its voluntary audit program:

A series of reports published by the Information Commissioner’s Office (ICO) today has highlighted the positive approaches many private sector companies are adopting to look after people’s data. However concerns remain about data protection compliance within the local government sector and the NHS.

The findings are included in four reports which summarise the outcomes of over 60 ICO audits carried out in the private, NHS, local and central government sectors.

Announcing the reports, Louise Byers, Head of Good Practice, at the ICO said:

“We have been providing free audits to help organisations look after the personal information they collect and publishing the results for two years now. During this time we have seen some innovative and well thought out approaches to keeping people’s personal information secure and complying with the Data Protection Act. Today’s reports allow for this knowledge to be shared, while raising areas of continued concern.”

Each report provides a summary of the level of assurance the organisations in each sector have provided during their audit, along with relevant examples of good practice and existing areas for improvement. The audits were all carried out between February 2010 and July 2012.

Within the private sector, the ICO had a high level of assurance that 11 out of the 16 companies audited had policies and procedures in place to comply with the Act. This included having robust security measures in place and providing thorough training for their staff.

Commenting on the report for the private sector, Louise Byers continued:

“The private sector organisations we have audited so far should be commended for their positive approach to looking after people’s data. However this does not mean that businesses in the UK should rest on their laurels. We are still seeing relatively few companies agree to an ICO audit and further improvements can be made, particularly when it comes to the retention and deletion of data.”

In the health service only one of the 15 organisations audited provided a high level of assurance to the ICO, with the local government sector showing a similar trend with only one out of 19 organisations achieving the highest mark. Central government departments fair little better with two out of 11 organisations achieving the highest level of assurance.

Louise Byers continued:

“While the NHS and central government departments we’ve audited generally have good information governance and training practices in place, they need to do more to keep people’s data secure. Local government authorities also need to improve how they record where personal information is held and who has access to it.

“The results of these reports show why we have requested an extension to our compulsory audit powers to cover the NHS and local government sectors. Organisations in these areas will be handling sensitive information, often relating to the care of vulnerable people. It is important that we have the powers available to us to help these sectors improve.”

The reports can be found here:

  • Audit outcomes – central government (February 2010 – July 2012)
  • Audit outcomes – local authorities (February 2010 – July 2012)
  • Audit outcomes – NHS (February 2010 – July 2012)
  • Audit outcomes – private sector (February 2010 – July 2012)

So…. maybe this helps explain why we see fewer fines in the private sector than in the govt and NHS sectors?  I wonder how skewed these results are by the fact that it was a voluntary audit.

Update: Jon Baines thinks the press release is irresponsible.  Now I regret not changing the headline for the release before I posted it, because I think Jon’s concerns are valid and I, too, had wondered about the validity of the findings based on the methodology.

Category: Commentaries and Analyses

Post navigation

← President's bioethics panel urges new privacy protection to ensure benefits from DNA decoding
CMS response to data breaches and medical identity theft – OIG report →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Fraudsters, murderers, students: who the GRU assembled a team of hacker provocateurs from and why it failed
  • Order of Psychologists of Lombardy fined 30,000 € for inadequate data security protection and detection following ransomware attack
  • Lower Merion School District says a data breach was caused by a computer glitch
  • After $1 Million Ransom Demand, Virgin Islands Lottery Restores Operations Without Paying Hackers
  • Junior Defence Contractor Arrested For Leaking Indian Naval Secrets To Suspected Pakistani Spies
  • Mysterious leaker GangExposed outs Conti kingpins in massive ransomware data dump
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • Class action settlement following ransomware attack will cost Fred Hutchinson Cancer Center about $52 million
  • Comstar LLC agrees to corrective action plan and fine to settle HHS OCR charges
  • Australian ransomware victims now must tell the government if they pay up

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Fears Grow Over ICE’s Reach Into Schools
  • Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
  • She Got an Abortion. So A Texas Cop Used 83,000 Cameras to Track Her Down.
  • Why AI May Be Listening In on Your Next Doctor’s Appointment
  • Watch out for activist judges trying to deprive us of our rights to safe reproductive healthcare
  • Nebraska Bans Minor Social Media Accounts Without Parental Consent
  • Trump Taps Palantir to Compile Data on Americans

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.