ICO’s Annual Report 2017-2018 reveals “increased public awareness” of privacy and information rights issues

New laws and high-profile investigations have helped to put data protection and data privacy at the centre of the UK public’s consciousness like never before, the Information Commissioner has said. 

As the Annual Report for 2017-2018 of the Information Commissioner’s Office (ICO) was published, Information Commissioner Elizabeth Denham said her second year in the role had been one of increasing activity and challenging actions, some of them unexpected.

“This is an important time for privacy rights, with a new legal framework and increased public interest. Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online.”

As well as extensive work to help the public and organisations of all sizes prepare for the European Union’s General Data Protection Regulation (GDPR), and providing expert advice to Government during the passage of the Data Protection Act 2018 through Parliament, the ICO also experienced unprecedented demand for its casework on data protection and freedom of information.

Highlights from the 12 months to 31 March 2018 include a significant increase in data protection complaints (up 15%), self-reported breaches (up 30%) and Freedom of Information complaints (up 5%). Against this increased demand, the ICO closed more cases than in any other year.

The ICO also received a huge increase in telephone, live chat and written queries from the public and organisations, with new telephone services for small organisations and self-reported breaches. In the final quarter, the ICO received 30,000 more calls than in the previous three months.

Importantly, the ICO also created the ‘Your Data Matters’ campaign to inform the public about their rights.

Enforcing the law

Information Commissioner Elizabeth Denham

Information Commissioner Elizabeth Denham

The ICO issued the largest number and amount of civil monetary penalties in its history. This included 26 penalties totalling £3.28 million for breaches of electronic marketing laws relating to nuisance calls and spam text messages, along with ten enforcement notices and the execution of three search warrants.

Eleven fines totalling £1.29 million were apportioned for serious security failures under the Data Protection Act 1998. A further 11 fines were given to charities totalling £138,000 for unlawfully processing personal data and an £80,000 fine issued to a data broking organisation.

A total of 19 criminal prosecutions resulted in 18 convictions. A further six cautions were issued and 11 search warrants executed.

Advice for organisations

There has been ongoing engagement work with organisations in the public, private and third sectors to promote compliance with the laws on information rights. The ICO has undertaken 26 new audits, 24 follow-up audits, 43 information risk reviews and 56 advisory visits with SMEs.

The ICO is continuing to play a leading role in European and global policy and enforcement networks, in turn supporting a new International Strategy. There’s also an increased focus on cyber incidents, including a new Technology Strategy and the new ICO Grants Programme designed to support independent research.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts