As it published its Annual Report for the year 2017-18, the UK’s data protection regulator spoke of how the public were now much more aware of data-related issues.
The press release from the Information Commissioner’s Office (ICO) says that:
“New laws and high-profile investigations have helped put data protection and privacy at the centre of the UK public’s consciousness like never before.”
Information Commissioner Elizabeth Denham said:
“This is an important time for privacy rights, with a new legal framework and increased public interest.
“Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online.”
The 12 months to 31 March 2018 saw a 14.5% annual increase in the number of data protection complaints received by the ICO – the total volume rose from 18,354 to 21,019. This should serve as a warning to all firms across all business sectors – the UK public are much more aware of how their data should be handled and are much more willing to complain to the authorities when they believe that a firm has failed to handle their data correctly.
Self-reported breaches were up 29% compared to 2016-17, from 2,565 to 3,311, and the last financial year also saw the ICO take more enforcement action than ever before.
Regarding nuisance calls and spam texts and emails, both the number of fines issued (26) and the total of the fines (£3,280,000) were the highest on record for a 12-month period. This is despite a significant decrease in the number of consumers contacting the ICO over issues related to firms’ compliance with the relevant legislation – the Privacy and Electronic Communications Regulations.
Another 11 fines totalling £1,290,000 were issued for what the regulator describes as “serious security failures under the Data Protection Act 1998.”
In the ‘nuisance calls’ category, a record fine of £400,000 was imposed on Keurboom Communications, who made over 100 million nuisance calls; and in the ‘serious security failures’ category a similar penalty was imposed on Carphone Warehouse, whose customer and employee data was compromised following a severe cyber-attack.
19 criminal prosecutions were launched by the ICO during the year, resulting in 18 convictions.
2017-18 was also of course the year the General Data Protection Regulation (GDPR) came into force, together with the Data Protection Act 2018 that enshrines the GDPR provisions into UK law after Brexit. Amongst other requirements, firms now need to be totally transparent as to what their legal basis for processing data is. The ICO aims to show that it is willing to help firms comply with their obligations, and the Annual Report says that the organisation has published “guidance to help SMEs understand their new data protection obligations under GDPR.”