ICO calls on UK businesses to open their doors to audits and reduce data breaches

Private enterprises make up a third of data security breach claims, but despite this, many continue to resist the offer of an audit by the Information Commissioner's Office (ICO), according to the privacy watchdog's latest annual report.

Private enterprises make up a third of data security breach claims, but despite this, many continue to resist the offer of an audit by the Information Commissioner's Office (ICO), according to the privacy watchdog's latest annual report.

Businesses should be more willing to undergo data protection audits, said Information Commissioner, Christopher Graham, because the ICO's good practice audits are designed to help organisations and businesses meet their data protection obligations.

According to the ICO report, only 19% of businesses contacted by the ICO accepted the offer to undergo free data protection audits. In contrast, 71% of public sector organisations contacted voluntarily agreed to be audited.

"These audits are not about naming and shaming those who are getting it wrong. The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service," said Christopher Graham.

According to Mike Smart, solutions director EMEA for security firm SafeNet, there is no excuse for an organisation entrusted with personal data failing to improve data protection. He said the combination of encryption and authentication technology are readily available and proven to work.

"While the ICO doesn't want to come across as naming and shaming, recent high-profile security breaches are making organisations really anxious," Mike Smart said.

The issue is one of trust, said Smart. Organisations are concerned about what may happen if they accept a free security audit, and it uncovers security vulnerabilities the ICO deems they should have known about and been prepared for.

The ICO needs to provide greater assurances to companies that, if they volunteer for audits, they will get pragmatic advice and support, and not open themselves to monetary penalties.

In the past year, the ICO completed 26 audits, a 60% increase on the previous year, and reports that after the audits, 92% of its recommendations were acted upon.


Read more to stay out of trouble with the ICO

Read more on IT risk management