Uptick in UK privacy awareness, says ICO

New laws and high-profile investigations have helped put data protection and privacy at the centre of the UK public’s consciousness, according to the Information Commissioner’s Office (ICO).

“This is an important time for privacy rights, with a new legal framework and increased public interest,” information commissioner Elizabeth Denham wrote in the foreword to the ICO’s latest annual report.

“Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online,” she said.

Denham said her second year in the role had been “one of increasing activity and challenging actions, some unexpected, for the office”.

As well as extensive work helping the public and organisations of all sizes prepare for the General Data Protection Regulation (GDPR), and providing expert advice to government during the passage of the Data Protection Act 2018 through Parliament, she said the ICO also experienced unprecedented demand for its casework on data protection and freedom of information (FoI).

The ICO dedicated “significant resources” to the drafting of the Data Protection Bill and to making amendments during its parliamentary passage, the report said, including amendments where the ICO believed the law needed strengthening, such as around the ICO’s investigative powers.

The report highlights the ICO work with the public, showing that in the 12 months to 31 March 2018, there was a “significant increase” in data protection complaints (up 15%), self-reported breaches (up 30%) and FoI complaints (up 5%).

Against this increased demand, the report said the ICO closed more cases than in any other year.

“The ability of our staff to handle this increased workload demonstrates our ability to adjust and expand to increased demand for our regulatory services,” said Denham.

“This should reassure UK citizens that the ICO will be up to the challenge of handling their concerns well into the future, even if caseloads rise as our projections indicate.”

In terms of enforcing data protection law, the report said the ICO issued the largest number and highest value of civil monetary penalties in its history.

This included 26 penalties totalling £3.28m for breaches of electronic marketing laws; 11 fines totalling £1.29m for serious security failures under the Data Protection Act 1998; 11 fines to charities totalling £138,000 for unlawfully processing personal data; an £80,000 fine issued to a data broking organisation; and 19 criminal prosecutions resulting in 18 convictions. A further six cautions were issued and 11 search warrants were executed.

In terms of advice to organisations, the report said the ICO continued to engage with organisations in the public, private and third sectors to promote compliance with the laws on information rights.

The ICO also undertook 26 new audits, 24 follow-up audits, 43 information risk reviews and 56 advisory visits with small and medium-sized enterprises (SMEs).

The report said the ICO continues to play a leading role in European and global policy and enforcement networks, supporting a new International Strategy.

The report also highlights the ICO’s increased focus on cyber incidents, including a new Technology Strategy and the ICO Grants Programme to support independent research.

“I believe the data and evidence in this report indicates the ICO is the proactive digital regulator the UK needs for the ongoing challenges of upholding information rights in the digital world,” said Denham.