ICO shows its teeth, as the public’s concern over illegal marketing calls grows
5 Jul 2012 03:24 PM
Organisations are learning the hard way of the consequences of mishandling people’s information – and others need to heed the lessons the Information Commissioner, Christopher Graham, warned yesterday at the launch of the ICO’s 2011/12 annual report.
The Commissioner’s comments came as the ICO imposed a civil monetary penalty (CMP) of £150,000 on the consumer lender, Welcome Financial Services Limited (WFSL), after the loss of more than half a million customers’ details.
Information Commissioner, Christopher Graham, said:
“Over the past year the ICO has bared its teeth and has taken effective action to punish organisations many of which have shown a cavalier attitude to looking after people’s personal information.
“This year we have seen some truly shocking examples, with sensitive personal information, including health records and court documents, being lost or misplaced, causing considerable distress to those concerned. This is not acceptable and today’s penalty shows just how much information can be lost if organisations don’t keep people’s details secure.
“We hope these penalties send a clear message to both the public and private sectors that they cannot afford to fail when it comes to handling people’s data correctly.”
Yesterday's penalty was issued after WFSL’s Shopacheck business lost two back up tapes which contained the names, addresses and telephone numbers of their customers in November last year. The tapes have never been recovered.
This latest penalty means that, since being given the power to issue CMPs from 6 April 2010, the ICO has issued 21 penalty notices, bringing the total value of the penalties issued by the ICO to over £2 million.
“It’s a case of ‘wake up and smell the CMP,” the Commissioner said.
While figures from yesterday’s annual report show a 0.3% drop in the number of data protection complaints received by the ICO - with 12,985 complaints made last year – the report highlights the public’s growing concerns about unsolicited marketing calls and texts.
During the last financial year the ICO saw a 43% rise in the number of complaints under the Privacy and Electronic Communication Regulations (PECR) – which govern electronic marketing - with 7,095 complaints received.
Commenting on these latest figures, the Information Commissioner said:
“Last year the ICO gained tough new powers to tackle unsolicited marketing calls and texts, including the power to impose a penalty of up to £500,000 on the worst offenders.
“We have now set up a dedicated team to enforce the Privacy and Electronic Communication Regulations and we are currently working to identify the operators responsible. The ICO has executed search warrants at a number of sites across the UK linked to companies we believe are breaking the law.
“We have also set up an online reporting mechanism on our website that allows people to report any marketing texts or calls from unidentified senders. We have received over 12,000 reports to date and we are confident that this work will help us identify those responsible.”
The ICO has also witnessed a 7% rise in the number of Freedom of Information complaints, with 4,633 complaints received during 2011/12. Despite this increase in the ICO’s workload and despite cuts in government grant-in-aid, the ICO has reduced by 66% the number of FOI cases that have been with the office for longer than 6 months. The number of data protection cases taking over six months to complete has also fallen by 82%.
“Our work resolving freedom of information requests has also increased. As budgets tighten and public spending comes under even greater scrutiny, public authorities must remain transparent and accountable if they are to retain the trust of the public they serve,” the Commissioner said.
Meanwhile, figures from yesterday's annual report show a 60% increase in the number of audits carried out by the ICO Good Practice team. Of the 42 organisations audited, 90% felt that the process raised awareness of the importance of data protection in their organisations, showing that that the ICO’s audits are bringing real information rights benefits to those that take part.
The ICO is extending its audits to cover public authorities’ compliance with the Freedom of Information Act and has also introduced advisory visits to help small and medium sized organisations.
The 2011/12 ICO Annual Report and summary can be downloaded from the ICO's Annual reports page
A copy of today’s monetary penalty – issued to WFSL – can be viewed on the ICO's Taking action page
Notes to Editors
1. The Information Commissioner’s Office upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
2. The ICO has specific responsibilities set out in the Data Protection Act 1998, the Freedom of Information Act 2000, Environmental Information Regulations 2004 and Privacy and Electronic Communications Regulations 2003.
3. The ICO is on Twitter, Facebook and LinkedIn, and produces a monthly e-newsletter. Our press office page provides more information for journalists.
4. Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
Fairly and lawfully processed
Processed for limited purposes
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than is necessary
Processed in line with your rights
Not transferred to other countries without adequate protection
5. The Freedom of Information Act (FOIA) provides individuals or organisations with the right to request official information held by a public authority. The Environmental Information Regulations (EIR) provide access to environmental information. The ICO’s policy on enforcing public access to official information and the powers at its disposal are set out here.