Sharp increase in penalty notices issued by ICO

In 2012/13, the number of monetary penalties imposed by the Information Commissioner’s Office (ICO) for serious breaches of the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations (SI 2011/1208) more than doubled, reaching 23 organisations and totalling £2.6 million in fines. Most penalties related to a failure to keep personal information secure, while large fines were also handed out for unlawful SMS marketing.

The ICO noted in its annual report, that consumer awareness and expectation of how personal data should be handled by businesses remains high and that handling personal data in a proper and legal way is now a commercial imperative for businesses. However, only 10% of businesses surveyed by the ICO were aware of the legal limitations on using customer personal data.