The Information Commissioner’s Office (ICO) has issued just four civil penalties since obtaining powers to issue fines for Data Protection Act (DPA) breaches.
The fines, which account for just one per cent of all reported data breaches since the ICO powers were extended to include monetary penalties just over a year ago, total £310,000. The maximum fine that can be imposed for a single offence is £500,000.
The figures, supplied in response to a Freedom of Information request from encryption firm ViaSat, also revealed that during the period the privacy watchdog had only penalised seven private sector organisations, compared to 29 in the public sector. Of the four fines issued, only one was to a private firm.
An ICO spokesman defended the seemingly meagre use of its powers to hit organisations where it hurts – their bank balance – saying the penalties were a big stick that it did not always have to use.
“Our focus as a regulator is on getting bodies to comply with the DPA. This isn’t always best achieved by issuing organisations or businesses with monetary penalties," he said.
"[However] the existence of civil monetary penalties has had a markedly beneficial effect on compliance generally.”
Presumably, new powers welcomed by the ICO today will be used in a similar way. The privacy watchdog can now issue fines for the most serious incidents of firms making unwanted marketing calls or sending unsolicited marketing emails to consumers.
This change – along with other powers granted to the ICO – will come into force as part of an amendment to the UK’s Privacy and Electronic Communications Regulations on 25 May.
The ICO spokesman told V3.co.uk that the action taken depends on the details of each individual case.
Monetary penalties are served only once the Information Commissioner has satisfied a strict set of criteria. This includes evidence that the breach could have caused substantial damage or distress to individuals and that the organisation knew, or ought to have known, that there was a risk that a breach may occur.
“We will always consider the imposition of a monetary penalty where these criteria are met,” he stated.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago