The value of fines issued by the Information Commissioner’s Office (ICO) over the past year has soared by 69% to reach nearly £5m, with higher penalties potentially to come when new EU regulations land, according to new data.
The increase in financial penalties issued by the privacy watchdog brought the total for 2017 to £4.9m, rising from £2.9m the year before, according to data compiled by API developer The SMS Works.
That’s a substantial chunk of the £8.8m in fines issued since August 2015.
Data breaches accounted for over a third (39%) of all fines, with companies including TalkTalk and Dixons Carphone Warehouse on the receiving end of a near-maximum penalty from the ICO for systemic failings that led to customer data theft.
That doesn’t bode well for organizations after May 25, when the GDPR finally comes into force.
It will bring with it new maximum financial penalties of 4% of global annual turnover, or £17m, whichever is higher. The ICO has moved to dampen speculation it will be looking to issue crippling charges from day one.
“It’s scaremongering to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm,” wrote information commissioner Elizabeth Denham.
However, those organizations that fail to show they have their customers’ and employees’ best interests at heart when it comes to data protection may be in for a shock.
“The fines data should act as a wake-up call to all companies and organizations that process and handle consumer data,” The SMS Works founder, Henry Cazalet, told Infosecurity.
“The clock is ticking and companies that haven't done so already need to urgently address data security before the deadline.”
Financial services firms have been hit most frequently by the ICO, 24 times since 2015, with the charity sector in second place.
Another area punished frequently by the ICO is nuisance calls, accounting for 46% of all fines issued by the ICO (£4m). In fact, nuisance call offenders have on average been fined to the tune of £91,000, versus £73,500 for data breach offenders and £40,000 for email spammers.
Interestingly, the highest average fine per incident type is reserved for SMS spammers: £108,000.