Record number of data complaints made to ICO
- 15 July 2014
- From the section Technology
The UK's information commissioner has called for better funding for the country's data regulator amid a record number of cases.
Ahead of the release of the Information Commissioner's Office (ICO) annual report, Christopher Graham said the body needed "stronger powers".
In the past year, the ICO issued £1.97m in penalties to companies found to breach data protection rules.
The report highlighted a high number of incidents involving local government.
"In particular, the disclosure of personal data in error," the report read.
In one example, a probation officer pleaded guilty to revealing the new address of a domestic violence victim to the alleged perpetrator. The officer was fined £150, and had to pay £280 in costs.
The ICO said it resolved 15,492 data protection complaints in the last financial year - a 10% rise on the previous 12 months. The number of calls to its advice helpline rose by more than 15%.
The ICO secured 12 criminal convictions and two cautions for the unlawful obtaining or disclosing of personal data.
In another incident, the ICO intervened when Staffordshire Police ran a Twitter campaign naming people charged with drink driving.
"Whilst releasing some details of people charged with criminal offences is acceptable," the ICO ruled, "using a hashtag '#drinkdrivers' is potentially misleading as it implies guilt."
One data security expert said that the ICO had a strong argument for deserving more funds.
"While penalties totalling £1,97m were issued, the ICO only collected £872,000, thanks to a combination of early payment reductions, appeals and impairments," said Chris McIntosh, chief executive of ViaSat UK.
"This is a situation that clearly favours those organisations with the resources to either reduce penalties through early payment or mount a challenge against a judgement.
"Yet with increased funding and powers, the ICO could not only make sure that penalties, financial or otherwise, matched the severity of an offence. It could make its investigations even more thorough: reducing the chances of appeals and making sure that its eventual judgement was both fair and final."
At the launch of the report on Tuesday, Mr Graham said: "Facebook, [NHS] care data, Google: it is clear that organisations' use of data is getting ever more complicated. People need to know someone is watching over their information.
"Independence means someone who's got the resources to take on this ever-growing number of cases. The last 12 months have been a record year - more complaints resolved than ever, more enforcement action taken and more advice given through our helpline.
"And it also means having the powers to act on the more serious complaints. A strong regulator is needed if a data breach affects millions of people.
"To do our job properly, to represent people properly, we need stronger powers, more sustainable funding and a clearer guarantee of independence."
The ICO in the past has been criticised for both being too lenient, and not thorough enough, when investigating companies.
The ICO was described as "sadly lacking" by privacy campaigners when it dropped a 2010 investigation into Google's scooping up of personal information from wi-fi networks when taking pictures for its Street View product.
The ICO dropped its investigation after receiving reassurances from Google - only to re-open it in 2012 after US regulators found wrongdoing on Google's part.
In that year's annual report, it admitted it had not issued a single fine to any firm. However, new powers granted in January 2012 made it easier for the ICO to fine large amounts.
In this year's report, the highest number of complaints relate to nuisance calls. Over the 12 months, 161,720 complaints were made - 46% of which related to automated calls.