Businesses should be more willing to undergo data protection audits, says the Information Commissioner.
The warning came as figures published by the Information Commissioner’s Office (ICO) showed that private companies reported the most data security breaches of any sector in 2010/11.
A data security breach is an incident that results in the loss, release or corruption of personal data. There is no legal obligation on data controllers to report such breaches, but the ICO operates a voluntary scheme under which serious breaches are brought to its attention.
Figures from the annual report show that of the 603 data security breaches reported to the ICO in 2010/11, 186 – almost a third – occurred in the private sector.
But only 19 per cent of businesses contacted by the ICO accepted its offer of a free data protection audit. In contrast, 71 per cent of public sector organisations who were contacted voluntarily agreed to be audited.
Information Commissioner Christopher Graham said: “Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year.
“Despite this, many of them are still resisting our offer to undergo audits. We’ve written to organisations we consider to be high risk but the response has been disappointing.
“These audits are not about naming and shaming those who are getting it wrong. The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”
The ICO’s good practice audits are designed to help organisations and businesses to meet their data protection obligations through sharing good practice and making helpful recommendations. During 2010-11, the ICO wrote to more than 100 public and private sector organisations to offer its services and a total of 30 per cent agreed to undergo an audit.