Data watchdog is turning up the heat with nearly £2m in fines over last year
Data protection watchdog the Information Commissioner's Office (ICO) has revealed a sharp jump in the number of penalties handed out for breaches of the Data Protection Act.
For the year up to June 30, the ICO issued 68 warnings of one form or another, up 48% from 46 the previous year, the figures revealed.
The ICO has also increased the frequency and amount of fines it has handed out. During the specified time period it handed out 15 fines totalling £1.8m, well up on the six fines totalling £431,000 handed out the previous year.
Over the last year the ICO has taken a much tougher approach to companies breaching the data protection act. In April 2012 it handed down the first financial penalty to an NHS organisation, fining the Aneurin Bevan Health Board (ABHB) £70,000 after a report containing sensitive information about a patient was sent to the wrong person.
It also broke its own record for the largest fine handed out, penalising Midlothian Council a record £140,000 for repeated breaches of the data protection act. The breaches involved the disclosure sensitive personal data relating to children and their carers to the wrong recipients on five separate occasions.
The ICO also fined Brighton and Sussex University Hospitals NHS Trust £375,000 after hard drives containing sensitive patient information were stolen and subsequently sold online. The Trust is appealing the decision and argues that it was the victim of a crime.
In June this year Belfast Health and Social Care Trust was fined £225,000 for a serious breach of the data protection act and the subsequent failure to notify the authorities.
John Thielens, Axway's chief security officer, said the increase in action from the ICO is long overdue. "The ICO has finally started to step up to the mark and shown its teeth. After all, what's the point of being given the power to make a difference for the better if you're not going to use it?"
Mark Dunleavy, Managing Director at Informatica, added that businesses need to ensure they have robust security procedures in place.