Whistle-blower reports over data breaches hit record high

Whistle-blowers reporting potential breaches to the data protection watchdog rose by a third last year, new figures show.

A total of 427 reports were made to the Information Commissioner’s Office (ICO) in the 12 months to the end of March, up from 319 the previous year, according to City law firm RPC.

The ICO took “further action” on 68 of the reports, with a further 23 considered for investigation, down from 55 in 2018.

Reports to the watchdog have surged since the introduction of the GDPR legislation two years ago. Before that, 140 reports had been made by whistleblowers.

Under the legislation, companies are obliged to inform the ICO within 48 hours of discovering a cyber attack that affects personal data. Businesses can be fined up to 4pc of their annual turnover.

RPC said that an increase in online fraud and other forms of data theft had forced people to report businesses for not taking proper precautions.

Richard Breavington, a partner at the law firm, said that whistleblowing was now a “major risk” for companies that failed to deal with data properly.

“This makes it more important than ever for businesses who do fall victim to a data breach to respond quickly and to inform the ICO of the data breach if necessary, within the right deadline and ensure customers are informed when they are exposed to a major risk,” he said. 

“Whilst the ICO has indicated that it is exercising forbearance during coronavirus, businesses would be wrong to think that is a free pass.”

Mr Breavington said that the increase in remote working has meant that businesses have to put “clear practices” in place, with more delicate data than ever before being handled at home.

The surge in reports comes after the ICO declared its intention to fine British Airways and the Marriott Hotel group more than £282m over various alleged breaches of the data protection legislation.

Final fines are yet to be announced but the Telegraph reported in August that British Airways expects to pay considerably less than the £183m original fine sought by the ICO.

In the company accounts of IAG, the parent of BA, it outlined an exceptional expense of €22m in relation to the theft of data at British Airways in 2018.

The company said it was management’s “best estimate” of the amount of “any penalty issued by the ICO”.
