The Information Commissioner's Office (ICO) fines less than one per cent of organisations breaching the Data Protection Act (DPA).
This was the finding of a freedom of information (FoI) request put forward by encryption firm ViaSat. It discovered only 36 out of 2,565 data breaches were acted on by the ICO and just four cases resulted in monetary fines.
The ICO has had the power to fine organisations up to 500,000 for breaching the DPA since April last year, but the total brought in so far has only reached 310,000.
When IT PRO spoke to the ICO this morning, it claimed there was "certain criteria" necessary to impose monetary penalties and they were only enforced for "the most serious breaches causing serious distress."
A spokesperson said: "Our focus as a regulator is on getting bodies to comply with the [DPA]. This isn't always best achieved by issuing organisations or businesses with monetary penalties."
"The action we will take depends entirely on the details of each individual case. The existence of civil monetary penalties has had a markedly beneficial effect on compliance generally. The big stick is there, but doesn't need to be deployed all the time to have an effect."
However, Chris McIntosh, chief executive (CEO) of ViaSat, doubted this theory.
"The ICO has stated that the embarrassment and poor image of a fine will act as a deterrent and an incentive to improve an organisation's grasp of the data protection act. However, if fines are rare and well below the maximum allowed limit, their value as a deterrent drops," he said.
"Organisations will view the rarity of a fine and the associated negative publicity the same way they have viewed the threat of a data breach itself: an event that only happens to other people."
-
Asus ZenScreen Fold OLED MQ17QH reviewReviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
TikTok to open first European data centre in IrelandNews The move could signify a desire to shift its operations away from the US as well as secure its position in the European market
-
MPs in a muddle over GDPR and storing voters' personal dataNews Labour MP Chris Bryant says his staff were told to delete constituents' data
-
Trump resort will not be charged for breaching data lawsNews Presidential hopeful's Scottish golf course failed to register under the Data Protection Act for four years
-
Banks urged to share data but warned over securityNews Experts voice concern over security of open API recommendations
-
EU centralises European open data through one portalNews Open Data Portal will enable public sector bodies to share information
-
Experts question sheer scale of data storage required by Snooper's CharterNews Who will foot bill for physical infrastructure to house UK's browsing histories?
-
Snapchat's T&Cs update could put user data at riskNews Kaspersky said giving the service permission to share pictures with third parties could lead to a serious breach of privacy
-
Transport Systems Catapult launches data sources catalogueNews Intelligent Mobility Data Index could push forward smart transport innovation in the UK
