ICO wants commerce to embrace audits
Launching his annual report in a webcast last week, the Information Commissioner encouraged the private sector to stand up and be audited. Only 19% of the businesses contacted by the ICO offering “consensual” audits took up the offer, a disappointing result according to Chris Graham: “Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year. Despite this, many of them are still resisting our offer to undergo audits. We’ve written to organisations we consider to be high risk but the response has been disappointing.”
Graham emphasized that the audits are not about naming and shaming and should be regarded as a “badge of honour”. But businesses may feel that they are unprepared for the full scrutiny of the ICO and unable to change legacy data management systems without significant cost and disruption. Many would want to establish in advance, through internal audit or independent review, whether they are at risk of non-compliance.
Other highlights of the report show that last year’s breach index rose to 603 cases notified to the ICO. However, the mix of organisations responsible for reporting breaches has changed, with both local government and the private sector showing an increase. Complaints to the ICO were down by 21% at 26,227, but there was significant engagement with the ICO – their advice line handled over 100,000 calls and website visitors topped 2.4 million.
Speaking about the new Monetary Penalty regime, Graham emphasized that cases where sensitive data had been lost were finding their way to the top of the pile, resulting in over £300,000 of fines since April last year. He was, however, keen to stress that the office was not about to “court publicity with a Macho response to every infringement”.
The full webcast is available at http://view6.workcast.net/?pak=2110321554004329