The UK Information Commissioner’s Office (ICO) has delivered its annual report and financial statements for 2014/2015, revealing that it received 14,268 data protection concerns and issued £1,078,500 in fines for legislative breaches over the year.
The number of data protection concerns is actually slightly down from 14,738 in 2013/14. This enabled the information commissioner to improve the speed of its response time to cases, with 73% of cases now finished within 30 days, up from 58% in 2013/14.
The total number of ‘civil monetary penalties’ is also down from £1.97m in 2013/14.
The most common type of data protection request processed by the ICO still relates to subject access, whereby individuals can exercise their right under the Data Protection Act to see a copy of their personal information that an organization possesses. These cases accounted for 46% of the data protection caseload in 2014/15, down slightly from 50% last year.
The ICO received a significant, 11% increase in reports in relation to the Privacy and Electronic Communications Regulation (PECG) – with 180,000 such concerns received in 2014/15. This legislation regulates the use of electronic communications in unsolicited marketing campaigns, including web browser cookies.
Most concerns about nuisance calls and texts received by the ICO related to faux accident claims, payday loans and similar.
In response, the ICO issued five civil monetary penalties totaling £386,000, and issued eight enforcement notices to mandate future compliance.
The freedom of information and environmental information complaint caseload was down slightly for the ICO in 2014/15, with just under 5000 cases received.
The ICO also had a busy 2014/15 when it came to breaches of Section 55 of the Data Protection Act. This section legislates against unlawful acquisition or disclosure of personal data. Prosecutions resulted from 13 of the ICO’s Section 55 cases, leading to 10 criminal convictions.
In data loss incidents, the ICO investigated 1700 self-reported incidents and issued £692,500 in fines. The healthcare industry generated the most of these (439) with local government second (125).
In addition, as a data controller, the ICO received 1200 information requests of its own, and responded to 1177.