Why the ICO is being more careful over who it fines


The Information Commissioner's Office (ICO) is more carefully selecting which companies it fines for suffering data breaches, new figures suggest.

Released today, the data protection watchdog's annual report showed the overall size of financial penalties issued to companies and organisations who have leaked customer data has fallen by almost half, down to 1.3 million from almost 2 million last year.

However, despite this substantial drop, the amount of money eventually paid to the ICO has decreased by just 115,000.

This is because, while last year saw companies successfully reclaim 580,000 through appeals, there were no such appeals this year.

According to network security firm ViaSat UK's CEO, Chris McIntosh, these figures "could suggest that the ICO is being smarter about how it picks its battles, and not pursuing cases that could result in a costly and ultimately counter-productive appeal".

"After last year, where more than half of the consolidated fund's supposed income was eliminated, this can be seen as a serious improvement."

However, he also suggested that the ICO could be in some financial difficulty. He cites the fact that the Commissioner's Office could be having to pick cases that are less likely to go to appeal, potentially indicating a lack of resources.

While the ICO's overall spending has dropped, McIntosh said: "This year's report suggests it is operating against the limits of its financing."

"If we are to ask the ICO to take greater action against those breaking the data protection act; to be able to monitor and audit organisations as it feels necessary; and to have greater power to enforce data protection best practice, it is clear that this funding needs to increase," he added.

The news comes after Juniper Research predicted data breaches will cost companies $2.1 trillion by 2019, four times the expected cost for leaks in 2015.

Adam Shepherd

Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.

Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.

You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.