Public sector organisations are more likely to be fined for data breaches than private sector peers, a Freedom of Information (FoI) analysis by communications company ViaSat UK has revealed.
ICO figures reveal that between March 2011 and February 2012, 730 data breaches were disclosed to the organisation, 467 of which were from the public sector and 263 from private companies.
The result was a total of £790,000 in fines against 8 local councils in England, Wales and Scotland, but only one fine, a nominal £1,000 levied on legal firm ACS:Law, was against a private firm.
In defence of the ICO, the small ACS:Law fine would have been as high as £200,000 had the company not gone out of business before the fine could be set.
Overall, of the 297 of 730 breaches that had been resolved by 17 February this year, 32 resulted in published undertakings and nine resulted in fines. This looks like a reasonable proportion, albeit only one of those fined was a private company.
“While the ICO has shown great progress in ensuring the public sector regains control over data security practices, the private sector still has a relatively free rein,” said ViaSat CEO, Chris McIntosh.
“With the current system the private sector is not feeling the pressure to the same degree as the public sector. The ICO needs to be sure that the private sector, like the public, is aware of all its breaches and undertaking audits and training,” he said.
One interesting theme that emerges from ViaSat’s FoI trawl is the number of data breaches that result from human error rather than hardware loss. The former accounted for 281 incidents, leaving the lost hardware category, often the one that receives the most publicity, to total only 108.
A separate FoI study by services company Axway published this week revealed that the ICO received over 10,000 public complaints relating to possible breaches of the Data Protection Act during 2011.