Posted on May 10, 2019 by staff

Only 0.25% of ICO breaches have led to a fine


The number of closed data breach investigations by the Information Commissioner’s Office (ICO) that resulted in a fine has been revealed.

The public body is responsible for maintaining the information rights of the public and enforcing the GDPR.

It closed 11,468 data breach cases between May 2018 and the end of March 2019, according to statistics released under Freedom of Information laws.

According to information from the ICO, 29 of those led to a monetary penalty during this period as well as an additional 13 enforcement notices.

This equates to one fine in every 395 data breach investigations. The penalties included a £500,000 fine issued to Facebook, a £500,000 fine issued to Equifax and a £400,000 fine issued to pregnancy club Bounty UK in April of this year.

Jake Moore, cyber security specialist at ESET, said the ICO could increase its influence by increasing the financial incentive.

“With data breaches being at an all-time high, organisations need an extra push to get their ducks in a row,” he said.

“The lack of monetary penalties is only going to discourage those companies that are making all the internal changes required to comply with GDPR laws while others are having their cake and eating it too.

“The appropriate level of enforcement is required to make the needle move; therefore the ICO must practice what it preaches.”