“Privacy and security regulatory activity at record high” finds PwC Enforcement Tracker

Privacy and security regulatory activity is now at a record high

The enforcement activities of the Information Commissioner’s Office (ICO) have increased over the past three years, with a marked shift away from headline-grabbing financial penalties in favour of more subtle and sophisticated enforcement tools.

According to PwC’s new Privacy and Security Enforcement Tracker, the number of enforcement notices (which give orders to businesses to take remedial action) has quadrupled in the last two years alone.

Meanwhile, the number of businesses criminally prosecuted has risen significantly, from seven in 2013 to 18 in 2014.

The most frequently used tool of enforcement was ‘Written undertakings’, through which businesses promise to change their ways.

While the number of financial penalties issued fell from 18 in 2013 to just 11 in 2014, the average value of these penalties increased by 24% (from £84,000 to £104,000).

The shift away from the use of fines and the preference for enforcement notices and undertakings will deliver greater benefits for consumers because businesses are focused on taking constructive steps to protect personal information and privacy. They also present a more perilous environment for companies, though, as the cost of remedial actions will often exceed the maximum fine that the ICO can levy.

Security breaches and marketing offences

The main reason for enforcement action in the UK continues to be security breaches, but marketing offences are also becoming more prevalent.

In one case, a music festival organiser was fined £70,000 for sending over 70,000 unsolicited marketing text messages. This significant fine suggests a move towards a much stronger enforcement environment for activities connected with the monetisation of the customer.

Businesses are warned that data analytics about consumer behaviours and consumer profiling are likely to occupy more of the ICO’s attention if these activities are profit-making.

PwC’s new Privacy and Security Enforcement Tracker shows that the number of enforcement notices has quadrupled in the last two years

Stewart Room, partner at PwC Legal and author of the PwC report, told Risk UK: “If you’re a regulated entity, you cannot afford not to track and react to developments in enforcement cases. If you don’t understand what’s happening on the ground you will fail to adjust your business operations to take account of current and emerging regulatory priorities. You will then be exposed to enforcement action which can lead to massive business disruption.”

Room went on to state: “Regulators are acquiring expertise, knowledge and insight to match any business. Indeed, what we are witnessing is the emergence of what will be one of the toughest regulatory environments for business. New EU data protection legislation, to be adopted in the next 12 months and fully implemented by 2018, will bring tougher sanctions that aim to make the ICO and its EU counterparts some of the most powerful business regulators in existence.”

By way of a warning, Room concluded: “Offending companies could soon be forced to hand over up to 5% of their annual worldwide turnover to regulators who are now becoming increasingly savvy in the way they perform their activities.”

*PwC’s 2014 Enforcement Tracker reviews all of the ICO’s data protection enforcement cases for the past 12 months. The Tracker also incorporates insights from Belgium, France, Germany, Italy, Lithuania, Mexico, Poland, Russia, Spain, Sweden and Switzerland, as well as highlighting the top ten themes that appeared in EU regulatory guidance last year.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.
