UK Firms Play With Fire Over Data Breach Fines

Findings revealed today show that since April 2010, 35 per cent of complaints to the Information Commissioner's Office (ICO) involved disclosure of personal data and security breaches, despite the Data Protection Act (DPA) penalties and the threat of prosecution that corporations face.

Alarming as this figure is, it comes as no surprise that consumers in the UK are uniting in voicing their concerns about how their personally identifiable information is being leaked by trusted private and public organisations without their knowledge.

Corporations must take a stand to prevent these types of leakages from continuing to happen. Tim Berners-Lee, the inventor of the World Wide Web, has called for web companies like Facebook and Google to stop profiteering from selling information that people don’t even know those companies own. So, what about the personally identifiable information that companies hold legitimately, such as bank account and credit card numbers, but that still escapes through their back door?

Key facts

  • This year alone the ICO received 1002 complaints that raised concerns over the disclosure of personal data or breaches of the DPA – an average of eight a day
  • Since its inception, the ICO has received 26,227 data protection complaints that resulted in serving 14 monetary penalties, equating to a mere £1,171,000 in total fines

However, the monetary penalties imposed by the ICO pale into insignificance when indirect costs are considered. According to the Ponemon Institute and Symantec, costs of data breaches rose to nearly 70 per cent over the past five years. Of heightened concern is that the average data breach costs UK companies £79 per record, of which £37 equates to indirect costs, such as loyal customer defection and brand erosion.

With Big Data management continuing to keep many CIOs and CISOs awake at night, data security will be of paramount concern, regardless of current ICO-enforceable legislation. It is imperative for companies to position themselves securely.

Information needs to be securely managed to prevent the data breaches that continue to be headline news around the world. The threat of ICO intervention should not be the business driver. It’s not surprising that the public is alarmed. Restoring public confidence with absolute visibility and concentrating on protecting their data, no matter where it lives, is paramount in today’s world.

The UK public is up in arms that their data is still not being protected by organisations, as their complaints to the ICO demonstrate:


  • 10,598 complaints made in relation to breaching DPA
  • 1,722 complaints made related to disclosure of data
  • 657 complaints related to security
  • 3,781 companies were specifically complained about, with financial organisations and government bodies featuring among the top 10 worst offenders


  • 10,074 total complaints requesting assessment under the DPA
  • 1,834 complaints related to disclosure of private data
  • 620 complaints involved security breaches
  • 4,036 companies were specifically complained about for alleged breaches of DPA

2012 To-date

  • 771 complaints about a breach of the DPA raising concerns over personal data
  • 231 complaints concerning security of personal data

John Thielens is Axway’s Chief Architect, Cloud Services. John oversees Axway’s advanced research and the architecture team’s activities related to cloud computing and deployment. He's active in Axway’s patent development program and works closely with the security office to develop new solutions. John's background in B2B and Managed File Transfer technologies started in the early nineties as corporations started to interconnect over X.400 and continued through the rapid conversion to the Internet, working with tools to manage the security of technologies like SMTP, S/MIME, FTP, PGP, SSH and AS2 as they gained enterprise adoption. John is a frequent speaker at local, national and international events, including RSA Conferences, Gartner ITxpo Symposium and InfoSecurity.