The U.K. Information Commissioner’s Office (ICO) issued a press release yesterday calling on companies to undergo more data protection audits. (Currently, only some public sector entities in the UK can be made to undergo audits — the ICO can effectively only request to audit a private sector company). The ICO issued the “warning” after releasing new figures that show that the private sector was responsible for almost a third of all data breaches in 2010/2011, and that only 19% of private sector organisations voluntarily accepted to undergo audits by the ICO (compared to 71% in the public sector). The Information Commissioner Christopher Graham proceeded to single out lenders and direct marketing companies as the worst culprits, saying that “many of them are still resisting our offer to undergo audits.”
The ICO also released new figures about the progress of such audits, which show that the ICO performed 26 audits in 2010/2011 — a 60% increase on the previous year. The figures also reveal that over 90% of ICO recommendations were acted upon following an audit.
Additionally, the ICO released its full Annual Report and held an online webcast and Q & A session on its annual performance. While further questions can still be submitted, one colourful answer by the Commissioner regarding the new cookie rules (see our previous posts here, here and here) has already been published: “Website operators”, he said, “[should] take their ‘consent’ obligations seriously under the Privacy and Electronic Communications Regulations — because I’ll be after them if they don’t.”