Axway issued a press release with some interesting statistics on complaints made to the Information Commissioner's Office (ICO). They obtained the data under Freedom of Information requests.
Here are some of the statistics they compiled:
- Since April 2010, 35% of complaints to the ICO involved disclosure of personal data and security breaches. This year alone, the ICO received 1,002 complaints that raised concerns over the disclosure of personal data or breaches of the DPA – an average of eight a day.
- Since its inception, the ICO has received 26,227 data protection complaints that resulted in serving 14 monetary penalties, equating to a mere £1,171,000 in total fines.
Of course, the ICO didn’t have the authority to impose fines until 2008, but the ratio of fines to incidents is still very low. Here’s a breakdown of complaints by year:
2010
- 10,598 complaints made in relation to breaching DPA
- 1,722 complaints made related to disclosure of data
- 657 complaints related to security
- 3,781 companies were specifically complained about, with financial organisations and government bodies among the top 10 worst offenders
2011
- 10,074 total complaints requesting assessment under the DPA
- 1,834 complaints related to disclosure of private data
- 620 complaints involved security breaches
- 4,036 companies were specifically complained about for alleged breaches of DPA
2012 to date
- 771 complaints about a breach of the DPA raising concerns over personal data
- 231 complaints concerning security of personal data
If one extrapolates from the partial 2012 data, it looks like 2012 may see more complaints about personal data and security breaches than either of the previous two years.
The table below, provided by Axway, provides an analysis by sector for 2010 v. 2011. They note, “Interestingly, with the exception of debt collectors making last year’s Top 10 DPA Worst Offender League Table, (which is probably a symptom of the current economic climate), financial lenders and government continue to take the top spots year on year:”

Top 10 DPA Sector Worst Offenders League Table

Ranking | 2010 | No. of complaints | Ranking | 2011 | No. of complaints |
--- | --- | --- | --- | --- | --- |
1 | Lenders | 1,851 | 1 | Lenders | 1,505 |
2 | Local Government | 1,012 | 2 | Local Government | 1,068 |
3 | General business | 876 | 3 | General business | 1,053 |
4 | Health | 825 | 4 | Health | 941 |
5 | Central Government | 756 | 5 | Central Government | 662 |
6 | Policing | 665 | 6 | Policing | 482 |
7 | Telecoms | 512 | 7 | Telecoms | 428 |
8 | Education | 339 | 8 | Education | 361 |
9 | Insurance | 304 | 9 | Insurance | 334 |
10 | Internet | 299 | 10 | Debt Collectors | 309 |
You might think with data such as these that the ICO would start handing out some steep fines to the financial sector as a possible deterrent, but while the ICO has handed out a number of fines to local councils, it has not really gone after the financial sector, raising the question, why?