Some figures have just emerged regarding the amount of fines the Information Commisioner’s Office doles out.
Apparently the ICO has only taken action on 36 of 2565 data breaches, and fined just 4 of those, since it was given the power to impose financial penalties of up to £500,000 for lax security a year ago.
These figures were revealed by a Freedom of Information request by security firm ViaSat, according to an article on IT Pro. Translated into percentages, the ICO acts on just 1.4% of data breaches and only fines 0.15% of offenders.
The four fines levied add up to £310,000, with the biggest one handed out to Hertfordshire County Council. That was £100,000 which was imposed on the council for faxing the details of a child abuse case to members of the public by mistake.
An ICO spokesperson said: “Our focus as a regulator is on getting bodies to comply with the [DPA]. This isn’t always best achieved by issuing organisations or businesses with monetary penalties.”
“The action we will take depends entirely on the details of each individual case. The existence of civil monetary penalties has had a markedly beneficial effect on compliance generally. The big stick is there, but doesn’t need to be deployed all the time to have an effect.”
Of course, if the big stick is only deployed 0.15% of the time, its status as a deterrent could be called into question.