ICO statistics reveal record number of data protection incidents

The Information Commissioner’s Office (ICO) has dealt with record numbers of data protection incidents, nuisance marketing cases and individual complaints.

Releasing the ICO’s annual performance statistics for 2016/17, Deputy Commissioner Simon Entwisle revealed that the regulator had received more reported data protection breaches and fined more companies for unlawful activities than ever before. The ICO’s free telephone helpline, new live chat service and new online reporting tool all helped make it easier for the public to report their concerns to the regulator. Audits and new self-assessment tools helped increase organisations’ awareness of their responsibilities.

It is expected that the ICO’s work will intensify next year as it prepares for a new General Data Protection Regulation (GDPR) – which introduces an even more rigorous data protection regime and stricter penalties for breaches. The new law comes into force on 25 May 2018.

Entwisle said: “People have a fundamental right to privacy and our achievements this year reflect our commitment to uphold that right. We have advised and educated organisations to help them work within the law and we have taken action when they’ve fallen short of the mark.

“The new General Data Protection Regulation will give people greater control over their own data and we are working closely with organisations to help them understand their obligations and be ready for the new rules.” “Staff at every level deserve credit for the contribution they have and continue to make. And Information Commissioner Elizabeth Denham’s programme to strengthen the team – in both numbers and expertise – will equip the ICO to meet the challenges ahead.”

Key performance statistics for 2016/17 include:

• Nuisance calls and texts: 166,069 concerns reported, almost 5,000 more than last year. More monetary penalties issued in a single year than ever before, with 23 fines amounting to £1,923,000. We also issued nine Enforcement Notices and 31 organisations are subject to monitoring.
• Data Protection Act: 18,354 complaints cases reported by the public, around 2,000 more than last year. 2,565 self-reported data breaches, resulting in 16 civil monetary penalties totalling £1,624,500 for serious breaches across a range of public, private and voluntary sectors.
• Freedom of Information: 5,433 cases received and 5,100 closed during the year, with 1,351 decision notices. Broadly similar to last year. We have continued to monitor compliance and raised the threshold for our intervention, taking action if fewer than 90% of their FOI responses fall within the statutory timescale.
• Advice services: We received more enquiries about the legislation we deal with – in writing and over the phone – than in the year before. Although calls to our helpline were slightly down on last year at 189,942, this was more than made up by new channels including our live chat service, which received 18,864 contacts. Letter and email contacts remained similar to last year.

Click here to view the annual performance statistics for 2016/17 on the ICO website.