UK Firms Play With Fire Over Data Breach Fines

Axway calls for corporate rethink on how data is protected when it comes to DPA penalties, ICO intervention and brand erosion

London, UK, 24 April 2012, Axway (NYSE Euronext: AXW.PA), the Business Interaction Networks company, today revealed findings which show that since April 2010, 35 per cent of complaints to the Information Commissioner Office (ICO) involved disclosure of personal data and security breaches* despite Data Protection Act (DPA) penalties and threat of prosecution that corporations face. 

Alarming as this figure is, it comes as no surprise that consumers in the UK are uniting in voicing their concerns about how their personal identifiable information is being leaked by trusted private and public organisations without their knowledge.

Corporations must take a stand to prevent these types of leakages from continuing to happen. Tim Berners-Lee, the inventor of the World Wide Web, has called for web companies like Facebook and Google to stop profiteering from selling information people don’t even know companies like those own. So, what about the personal identifiable information that companies hold legitimately, such as bank account and credit card numbers, but still escapes through their back door?

Key facts

  • This year alone the ICO received 1002 complaints that raised concerns over the disclosure of personal data or breaches of the DPA  –  an average of eight a day
  • Since its inception, the ICO has received 26,227 data protection complaints that resulted in serving 14 monetary penalties, equating to a mere £1,171,000 in total fines

However, the monetary penalties imposed by the ICO pale in significance when indirect costs are considered. According to the Ponemon Institute and Symantec, costs of data breaches rose to nearly 70 per cent over the past five years. Conversely, and of heightened concern, is the average data breach costs UK companies £79 per record, of which £37 equates to indirect costs – such as loyal customer defection and brand erosion.

Coupled with Big Data management continuing to keep many CIOs and CISOs awake at night, data security will be of paramount concern, regardless of current ICO enforceable legislation. It is imperative for companies to position themselves securely. With its unique ability to deliver secure enterprise collaboration, across all internal and external business interactions, with full visibility, security and governance, Axway helps to ensure the integrity of data in rest and in motion.

John Thielens, chief security officer, Axway said, “Information needs to be securely managed to prevent the data breaches that continue to be headline news around the world. The threat of ICO intervention should not be the business driver. It’s not surprising that the public is alarmed. Restoring public confidence with absolute visibility and concentrating on protecting their data, no matter where it lives, is paramount in today’s world.”

The UK public is up in arms that their data is still not being protected by organisations as their complaints to the ICO demonstrate:

2010

  • 10,598 complaints made in relation to breaching DPA
  • 1,722 complaints made related to disclosure of data
  • 657 complaints related to security
  • 3,781 companies were specifically complained about, with financial organisations and government bodies heralding amongst in the top 10 worst offenders

2011

  • 10,074 total complaints requesting assessment under the DPA
  • 1,834 complaints related to disclosure of private data
  • 620 complaints involved security breaches
  • 4,036 companies were specifically complained about for alleged breaches of DPA

2012 To-date

  • 771 complaints about a breach of the DPA raising concerns over personal data
  • 231 complaints concerning security of personal data

The table below highlights the amount of complaints made to the ICO by sector. Interestingly, with the exception of debt collectors making last year’s Top 10 DPA Worst Offender League Table, (which is probably a symptom of the current economic climate), financial lenders and government continue to take the top spots year on year:

Top 10 DPA Sector Worst Offenders League Table
Ranking 2010 No. of complaints Ranking 2011 No. of complaints
1 Lenders 1,851 1 Lenders 1,505
2 Local Government 1,012 2 Local Government 1,068
3 General business 876 3 General business 1,053
4 Health 825 4 Health 941
5 Central Government 756 5 Central Government 662
6 Policing 665 6 Policing 482
7 Telecoms 512 7 Telecoms 428
8 Education 339 8 Education 361
9 Insurance 304 9 Insurance 334
10 Internet 299 10 Debt Collectors 309

For more information on Axway’s products and solutions for secure enterprise collaboration:
http://www.axway.co.uk/products-solutions

Download the Axway whitepaper Safeguarding Sensitive Data.

Follow Axway on Twitter: http://twitter.com/Axway

About Axway
Axway (NYSE Euronext: AXW.PA), the Business Interaction Networks company, is a software company with more than 11,000 customers in 100 countries. For more than a decade, Axway has provided leading organisations around the world with proven technology solutions that integrate, manage, secure and govern the business-critical interactions that accelerate enterprise performance. Our award-winning solutions span business-to-business integration, managed file transfer, business operations monitoring, process management, and email and identity security – offered on premise or in the Cloud with professional and managed services. Axway is registered in France with headquarters in the United States and offices around the globe. More information is available at www.axway.co.uk

Note to editors

*ICO request for information under section 1(1) of the Freedom of Information Act 2000 (FOIA), March 2012

ICO Key Facts - http://www.ico.gov.uk/what_we_cover/taking_action/dp_pecr.aspx#monetarypenalties

Ponemon Institute March 2012 –
http://www.symantec.com/en/uk/about/news/release/article.jsp?prid=20120320_11

Tim Berners-Lee from The Guardian “Battle for the Internet” series: http://www.guardian.co.uk/technology/2012/apr/18/tim-berners-lee-google-facebook?INTCMP=SRCH.