Data Privacy

Data privacy breach complaints leap by a third

New figures show that the Information Commissioner’s Office has received a record number of complaints from individuals concerned that their personal data is not being kept sufficiently secure by organisations holding it.

Reports to the ICO relating to personal information security jumped 30 per cent from 886 in 2013 to 1150 in 2014 – or more than two complaints a day on average.

Taken over a five year period, complaints to the ICO about the same issue have increased by 64 per cent.

International law firm Pinsent Masons, which obtained the information through a Freedom of Information request, says that the increase in consumer complaints highlights increasing levels of public unease over how big business and other organisations store personal information.

High profile attacks on trusted corporations like Sony and Target, and the recent damaging attack on infidelity site Ashley Madison, have raised public awareness about how personal data is treated, the firm says.

Luke Scanlon, technology lawyer at Pinsent Masons, said: “Information security isn’t a new issue; businesses have always had a responsibility to protect customer data. But as consumers are increasingly finding themselves left exposed as a result of cyber attacks, concern is clearly growing. The chances are that they wouldn’t be making these complaints without having been directly impacted in some way.”

Under the Data Protection Act, businesses can be fined up to £500,000 by the ICO if the regulator finds that the company has failed to take appropriate measures to protect customer information, and the financial penalties can be far higher if the individuals compromised opt to take legal action against the business.

He added: “There is increasing recognition that how an organisation responds to the compromise of customer data can impact its long term prospects as deeply as the incident itself.

“Many of the businesses and other organisations we are working with are working hard not just to implement good procedures and controls, but also to develop cross-disciplinary teams who understand the legal and reputational issues in the event of a crisis. Chief Executives, CIOs, General Counsel and Communications Directors are getting around the table to say: how do we respond if this happens to us?”

Around 90 per cent of large organisations and 74 per cent of small businesses experienced information security breaches in the past year, according to a UK Government-commissioned survey published in June 2015, however it is not currently mandatory to report data breaches.