Private firms are continuing to get a lighter rap on the knuckles compared to the public sector when it comes to the fines for data breaches being handed out by the Information Commissioner's Office (ICO).
This time last year the ICO was embarrassed into admitting it didn't hand out fines in the majority of cases, and a freedom of information request from ViaSat UK has again revealed further details of the way penalties for being careless with data are distributed.
Between 22 March last year and 17 February this year, there were 730 self-reported data breaches, of which the private sector was responsible for 263 but received only one financial penalty. The £1,000 handed out to ACS:Law in May last year is dwarfed by the £790,000 in fines handed out to eight councils.
The majority of breaches were down to information being mistakenly disclosed in emails or documents being sent to the wrong addresses. The public sector is the biggest offender with 88 cases of human error accounting for half of all the self-reported breaches.
"While the ICO has shown great progress in ensuring the public sector regains control over data security practices, the private sector still has a relatively free rein," said Chris McIntosh, CEO of ViaSat UK.
"As the public increasingly trusts the private sector with its information we need to ensure this information is managed responsibly, especially as the private sector reported the most thefts of data or hardware in the past year. Nobody wants to deal with the consequences of further breaches like Sony's loss of 77 million PlayStation Network customer account records," he added.