UK Information Commissioner reports an increase in complaints in the last 12 months

July 16, 2014 |

The Information Commissioner’s annual report for the 2013/14 provides some sobering statistics including:

  • receiving 14,738 data protection complaints in the past year.  It received 13,760 in the previous year.
  • resolving 15,492 data protection complaints in the last 12 months.
  • half of all the data protection complaints related to the alleged mishandling of subject access requests.
  • of  17% were directed at lenders, 12% at local government agencies and 10% at health bodies.
  • the ICO launching an investigation into  1,755 data protection cases  and imposing fines totalling £1.97 million for serious breach of the Data Protection Act.
  • more than 260 reports from communication service providers about personal data security breaches they suffered.

It is relevant to note that pursuant to the EU’s directive on the notification of personal data breaches data breach notification is mandatory to inform the ICO within 24 hours of detection of a personal data breach.  With that notification the ICO should be supplied with categories of information about the breach, including the estimated date and time of the incident, the nature and content of the personal data concerned and how many individuals are affected.

Unless a company that suffers a breach can show the ICO to its satisfaction that the use of “technological protection measures” rendered the breached data “unintelligible to any person who is not authorised to access it” it must notify individuals affected by a personal data breach “without undue delay” in cases where the breach is “likely to adversely affect the personal data or privacy” of those individuals. Compare that to Australia where there is no mandatory data breach notification laws.

Just to show that the increasing problem of data breaches is not a matter for the UK only in Data Breaches in New York Hit Record High in 2013, State Attorney General Says the report highlights the problem in New York state. It would not be alone.

It provides:

Last year was a record-setting one for the state of New York — and not in a good way.

Public and private institutions in New York experienced more than 900 data breaches in 2013, according to a report released by the state attorney general on Tuesday. Those breaches exposed the personal and financial records of 7.3 million New Yorkers.

The report, which showed the effects of data security intrusions on New Yorkers over the past eight years, said computer hackers were by far the leading cause of the breaches, accounting for nearly 40 percent of unauthorized data access during that time.

In 2013 alone, the breaches cost the public and private sectors more than $1.37 billion, the report said. Losses were calculated by assuming that a data breach costs an affiliated company approximately $188 for each person whose data was compromised, a figure published in a 2013 report by the security company Symantec and the Ponemon Institute, which researches information security.

“What’s truly shocking about this report, beyond the fact that hacking is now the greatest threat to our personal information and costs us billions of dollars, is that many of these breaches could have been prevented,” Eric T. Schneiderman, the New York attorney general, said in a statement. “If millions of New Yorkers were exposed, one can only imagine how many have been compromised across the nation.”

The report comes after an increase in the number of digital attacks on public and private institutions in recent years; in mid-March, Chinese hackers infiltrated United States government systems to obtain information on federal employees, officials said. And in 2011, Sony‘s popular PlayStation Network for gamers was repeatedly the target of hackers, exposing the names, email addresses and user names of millions of customers.

In 2013, intrusions in New York were largely driven by two high-profile hacks, the report said: the huge breach at Target, in which millions of credit card numbers, addresses and phone numbers were stolen, as well as an attack on LivingSocial, a site for deals and discounts.

The report said that other businesses, of all sizes, also had experienced data breaches, including those in the financial and health services industries.

One Response to “UK Information Commissioner reports an increase in complaints in the last 12 months”

  1. UK Information Commissioner reports an increase in complaints in the last 12 months | Australian Law Blogs

    […] UK Information Commissioner reports an increase in complaints in the last 12 months […]

Leave a Reply