UK businesses have been reluctant to accept free data protection audits from the Information Commissioner’s Office, the watchdog revealed in July 2011.
The ICO’s annual report revealed that it receives frequent complaints against businesses. Of the 603 data breaches reported to the ICO in the 2010/11 fiscal year, 186, or nearly a third, came from the private sector. A total of 388 were reported from the public sector (the NHS and local and central government, as well as ‘other public sector’), making up more than half of the total.
Despite those figures, only 19% of private businesses that voluntarily disclosed a data breach during the year accepted the offer of a data protection audit from the ICO, compared with 71% of public sector organisations. And only 30% of organisations that the ICO classed as high risk accepted the offer.
“These audits are not about naming and shaming those who are getting it wrong,” said information commissioner Christopher Graham. “The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”
The ICO also revealed that when organisations do undergo an audit, they typically put 92% of the ICO’s recommendations into practice.