Finance, retail and comms firms risk data breaches after ignoring ICO audits

Local government departments, finance companies and communication firms were among those that turned down a free audit of their data protection practices by the Information Commissioner's Office (ICO), V3 can reveal.

A Freedom of Information request by V3 found that a large number of private sector industries passed up the offer, despite being criticised by the ICO as the worst for data breaches last year.

Just two out of 10 communications companies, two out of seven debt collection agencies and one out of nine retail firms agreed to an audit, while only 10 of the 50 companies in the financial industry contacted by the ICO accepted the free audit.

This reluctance was also evident in the public sector. Only eight out of 19 local governments agreeed to an audit, and a police force also rejected the offer.

However, all eight NHS departments and 10 central government departments contacted agreed to the audit, although the Coroners and Justice Act makes audits a legal requirement for central government departments.

V3 asked the ICO for the names of the companies that had passed up the offer, but the watchdog argued that it would be detrimental to its work to name and shame the offending organisations.

"We have decided that the public interest in withholding the information outweighs the public interest in disclosing it," the regulator said.

"Our primary concern is that the release of the names of the organisations would likely prejudice the ability of the ICO to perform its role in disseminating good practice and ensuring compliance with the Data Protection Act effectively."