Privacy & Information Security Law Blog

On July 6, 2011, the UK Information Commissioner’s Office (the “ICO”) released its Annual Report and Financial Statements for 2010/11.  Characterizing information as “the currency of democracy,” the report highlights the wide range of the ICO’s activities during the last twelve months, which focused on education and the provision of good practice guidance in addition to enforcement activities.

In the media release accompanying the publication of the Annual Report, the ICO drew attention to the increase in reported data breaches and urged companies to audit their data protection practices.  The Annual Report indicates that almost a third of the data breaches reported to the ICO in the past year have involved companies, yet only 19% of the companies contacted by the ICO agreed to participate voluntarily in a data protection audit.  The ICO describes this as “disappointing,” but it may not be surprising given the ICO’s inability to compel a company to participate in an audit.

In seeking to promote voluntary audits to the private sector, the UK Information Commissioner, Christopher Graham, said “These audits are not about naming and shaming those who are getting it wrong.  The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously.  After all, sound data protection practices are irrevocably linked to providing good customer service.”

The ICO completed 26 audits in 2010 - 2011, up 60% from the preceding year.  The ICO has signaled its intention to focus on audits as part of ongoing efforts to promote good data protection practices.

View the ICO’s full Annual Report and Financial Statements 2010/11.