The Information Commissioner, Christopher Graham, appeared on the BBC Radio 4 Today programme this morning to discuss the unwillingness of private companies to accept free data protection audits from the ICO. In their annual report, released today, the ICO revealed around a third of the 603 breaches reported in the 2010/11 period occurred in the private sector.
Although public bodies account for the majority of the breaches, they are obligated to report them, unlike the private sector. A mere 19% of businesses that were contacted during the period agreed to an audit, compared with 71% in the public sector.
Mr Graham said:
“Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year.”
“Despite this, many of them are still resisting our offer to undergo audits. We've written to organisations we consider to be high risk, but the response has been disappointing.”
Although the ICO consider undergoing an audit to be a ‘badge of honour’, businesses appear to view audits as invasive, time-consuming and worthless. It is clear that the current voluntary system of audits is not working, and an alternative is necessary to reduce data breaches.