The Information Commissioner’s Office (ICO) published its report for the year 2017/18 last month, containing a useful update on the prevalence of information security issues.
Firstly, the ICO reported that the number of data protection concerns raised had risen to 21019 (up 15% from last year). In a similar pattern to last year, 32% of the investigations conducted into these concerns resulted in no action being taken and 35% were resolved purely through issuing advice on good practice to the organisation concerned. The concerns appear to have been broadly distributed across all industry sectors.
Secondly, the ICO announced that self-reported data breaches by organisations had also risen to 3165 (up 29% from last year). Of course it is not clear how much of this increase may be driven by better awareness of the need to report data breaches stemming from the publicity surrounding GDPR. As before, the top sectors for self-reported breaches are:
- Healthcare – 37%
- Education – 11%
- Local Government – 9%
Once again though, it is impossible to day if this is due to a greater frequency of breaches in these sectors or better awareness of the need to report.
Finally the ICO stated that they had issued fines totalling nearly £1.3m for breaches of the Data Protection Act, including the £400 000 fine issued to Carphone Warehouse in January.
Follow the link for more information on how to improve your information security.