The Information Commissioner's Office (ICO) is more carefully selecting which companies it fines for suffering data breaches, new figures suggest.
Released today, the data protection watchdog's annual report showed the overall size of financial penalties issued to companies and organisations who have leaked customer data has fallen by almost half, down to 1.3 million from almost 2 million last year.
However, despite this substantial drop, the amount of money eventually paid to the ICO has decreased by just 115,000.
This is because, while last year saw companies successfully reclaim 580,000 through appeals, there were no such appeals this year.
According to network security firm ViaSat UK's CEO, Chris McIntosh, these figures "could suggest that the ICO is being smarter about how it picks its battles, and not pursuing cases that could result in a costly and ultimately counter-productive appeal".
"After last year, where more than half of the consolidated fund's supposed income was eliminated, this can be seen as a serious improvement."
However, he also suggested that the ICO could be in some financial difficulty. He cites the fact that the Commissioner's Office could be having to pick cases that are less likely to go to appeal, potentially indicating a lack of resources.
While the ICO's overall spending has dropped, McIntosh said: "This year's report suggests it is operating against the limits of its financing."
"If we are to ask the ICO to take greater action against those breaking the data protection act; to be able to monitor and audit organisations as it feels necessary; and to have greater power to enforce data protection best practice, it is clear that this funding needs to increase," he added.
The news comes after Juniper Research predicted data breaches will cost companies $2.1 trillion by 2019, four times the expected cost for leaks in 2015.
-
AI recruitment tools are still a privacy nightmare – here's how the ICO plans to crack down on misuseNews The ICO has issued guidance for recruiters and AI developers after finding that many are mishandling data
-
“You must do better”: Information Commissioner John Edwards calls on firms to beef up support for data breach victimsNews Companies need to treat victims with swift, practical action, according to the ICO
-
LinkedIn backtracks on AI training rules after user backlashNews UK-based LinkedIn users will now get the same protections as those elsewhere in Europe
-
UK's data protection watchdog deepens cooperation with National Crime AgencyNews The two bodies want to improve the support given to organizations experiencing cyber attacks and ransomware recovery
-
ICO slams Electoral Commission over security failuresNews The Electoral Commission has been reprimanded for poor security practices, including a failure to install security updates and weak password policies
-
Disgruntled ex-employees are using ‘weaponized’ data subject access requests to pester firmsNews Some disgruntled staff are using DSARs as a means to pressure former employers into a financial settlement
-
ICO reprimands Coventry school over repeated data protection failuresNews The ICO said the academy trust failed to follow previous guidance, which caused a serious data breach
-
ICO dishes out fine to HelloFresh for marketing spam campaignNews HelloFresh failed to offer proper opt-outs, the ICO said, and customers weren’t warned their data would be used for months after they cancelled
