A recent survey has revealed that British businesses paid penalty charges totalling £2.17 million for breaching the Data Protection Act (DPA) between January 2013 and October 2014, despite the fact that compliance with these rules is mandatory. In fact, the Information Commissioner's Office (ICO) issued over 60 infringement notices during this 21-month period.
Worryingly, the large majority of these breaches, 94%, involved a failure to comply with the DPA's 7th principle, which requires appropriate security measures against unauthorised or unlawful processing and against accidental loss, destruction or damage of personal data.
According to the IT firm IT Governance, one of the most common reasons for these notices was poor information security. Other breaches included simple mistakes such as sending a fax to the wrong person. However, many offences were far more serious and damaging than these.
On average, each online data breach or cyber attack cost the company involved over £52,000, and penalties were enforced more severely in these cases. Other data protection breaches, such as losing a file or device, cost companies around £35,000 each.
These findings suggest a lack of care with regard to data protection and information security. The high number of breaches also shows that more diligence is required in monitoring companies' data processing systems, to ensure that all processing is authorised and lawful and to reduce the amount of data misplaced, damaged or lost.
However, because cyber criminals are becoming ever more sophisticated, it is very difficult for businesses to guarantee total protection of their data, as they cannot completely secure every access point into the company.
Alan Calder, founder and executive chairman of IT Governance says that “With the proposed EU Data Protection Regulation expected to come into force next year, and the continued proliferation of data breaches, companies cannot afford to be complacent about data protection and information security.”
He recommends that companies turn to ISO27001 to address both the strategic and the operational aspects of their information security, and that they comply with all of the DPA's principles, not just principle 7.
If you would like to find out more about your obligations as a business under the Data Protection Act then give us a call today on 0845 600 4696 or fill in our enquiry form and we will get in touch.