Out-Law News

More businesses should agree to free data protection audit, ICO says


Companies should be more open to data protection checks, the Information Commissioner has said.

Information Commissioner Christopher Graham said it was "disappointing" that only 19% of the private firms his office contacted last year were willing to let it inspect their data protection measures.

Data protection watchdog the Information Commissioner's Office (ICO) said 186 private sector businesses had reported serious data security breaches in which personal information had been lost, released or corrupted during the last year.

"Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year," Graham said in an ICO statement. (4-page / 76KB PDF)

"Despite this, many of them are still resisting our offer to undergo audits. We’ve written to organisations we consider to be high risk but the response has been disappointing," Graham said.

"These audits are not about naming and shaming those who are getting it wrong. The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service," Graham said.

The ICO offered a free data protection audit to more than 100 public and private sector organisations last year. 71% of public sector organisations contacted by the ICO voluntarily agreed to the audit, it said.

"The ICO’s good practice audits are designed to help organisations and businesses to meet their data protection obligations through sharing good practice and making helpful and practical recommendations," the ICO said in its statement.

"The ICO is committed to making it easy for organisations to comply with their data protection obligations and offers a free audit service. ICO staff can advise on how to keep things simple, reducing unnecessary bureaucracy," the ICO said.

Businesses should check their own procedures and consider hiring in outside help before allowing the ICO to inspect their data protection practices, an expert in data protection laws has said.

"Companies should have their house in order before calling in the regulator for a stamp of approval," Kathryn Wynn, a data protection specialist with Pinsent Masons, the law firm behind OUT-LAW, told The Register.

Organisations should decide what they would do if their security measures protecting personal data were breached, Wynn said.

"Often the reaction to a breach is more important – look at Sony – no one can blame them for getting hacked, but you need to react properly afterwards," Wynn told The Register.

The ICO completed data protection inspections of 26 organisations during the last year, which is a 60% increase on the number of checks it finished in 2009/10, the ICO said.

The 26 organisations acted on 92% of the ICO's recommendations, it said.

The ICO also reported that many public authorities were taking less time to respond to freedom of information (FOI) requests. It monitored the performance of 33 organisations in the past year and more than half of those have significantly improved their response time, the ICO said.

The ICO is responsible for making sure public organisations comply with freedom of information laws in England and Wales. It said that there were no complaints about FOI requests more than a year old that it had not dealt with.
