The Information Commissioner has fined 14 organisations £1.17 million for breaches of the Data Protection Act (DPA) since its inception despite receiving more than 26,000 complaints over the same period, business services company Axway has revealed.
Using information gathered using Freedom of Information (FOI) requests, Axway found that during 2011 the ICO received 10,074 DPA complaints regarding 3,781 different organisations.
This was slightly down on 2010, when 10,598 complaints were made against 4,036 organisations. In both years the most complained about sectors were financial services and various tiers of government.
The number of complaints in the area of private data was 1,834 in 2011, and 637 in 2010; So far in 2012 to 18 March, the ICO had received 1,002 complaints of this nature, which hints at overall data protection complaints in line with previous years.
The most surprising statistic of all is that despite receiving 26,227 DPA complaints since January 2001 when the ICO was formed as the successor to the Data Protection Registrar, the body had only fined a handful of them for data protection offences.
Against this startling-sounding statistic should be set the fact that the ICO has only had the power to fine organisations found to have breached the DPA since May 2008 before which it was limited to issuing enforcement notices.
The body has also pursued a policy of ‘naming and shaming’ organisations using its financial sanctions for serious or repeat offences. Many organisations reprimanded by the ICO have received extensive negative publicity.
“Information needs to be securely managed to prevent the data breaches that continue to be headline news around the world. The threat of ICO intervention should not be the business driver,” said Axway CSO, John Thielens.
“Restoring public confidence with absolute visibility and concentrating on protecting their data, no matter where it lives, is paramount in today’s world,” he said.