Businesses should be more willing to undergo data protection audits, the Information Commissioner, Christopher Graham has said. The warning comes as figures published in the ICO’s annual report show that private companies reported the most data security breaches of any sector in 2010/11.

A data security breach is an incident that results in the loss, release or corruption of personal data. In the absence of a legal obligation on data controllers to report them, the Information Commissioner operates a voluntary scheme under which serious breaches are brought to his office’s attention.

Figures from the annual report show that of the 603 data security breaches reported to the ICO in 2010/11, 186 – almost a third – occurred in the private sector. Despite this, just 19% of businesses contacted by the ICO accepted the offer to undergo free data protection audits. In contrast, 71% of public sector organisations who were contacted voluntarily agreed to be audited.

Information Commissioner, Christopher Graham, said: “Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year. Despite this, many of them are still resisting our offer to undergo audits. We’ve written to organisations we consider to be high risk but the response has been disappointing.

“These audits are not about naming and shaming those who are getting it wrong. The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”

Share Story: