UK ICO Received 36,000 Privacy Complaints and Issued 3 Fines

The Information Commissioner's Office (ICO) of the United Kingdom recently published its annual report, which revealed some intriguing details about data privacy issues in the country.

In July, the ICO published its annual report for 2020-21, which sets out its operational and financial performance. The agency received 36,607 complaints regarding data privacy, down from the previous year (38,514), and issued three fines, according to MyLawRd.

In total, the ICO received 36,607 complaints, of which 31,055 were successfully dealt with. There are currently 12,072 cases still open in the system. The banking, insurance and credit industries accounted for the largest number of complaints, with a total of 4,847 cases. This was immediately followed by the general business (3,943) and internet technology and telecommunications (3,317) sectors.

Key findings:

The Information Commissioner's Office (ICO) received a total of 9,532 reports of personal data breaches. Overall, it investigated 21.6 % of the notifications it received. It took informal action in 3.9 % of cases, and in only 0.1 % of cases did it identify the breach and impose a less severe sanction.

The healthcare sector reported the most breaches (16.8 %), followed by child care (13.6 %), retail (10.9 %), manufacturing (11.9 %) and financial services (11.9 %). 3.8 % of all data breaches were committed online, according to the National Crime Agency.

Only one independent body in the UK protects individuals' privacy and data security: the Information Commissioner's Office (ICO). That department funds it and reports directly to the UK's Parliament (DCMS). A key obligation is working with UK data privacy rules such as the Data Protection Act 2018 (also known as GDPR), the Freedom of Information Act 2000, and the Environmental Information Regulations 2000.4.

GDPR sanctions

This year the ICO issued fines totalling £39.65 million. British Airways was fined £20 million by the European Commission for processing huge amounts of personal data without adequate security measures. The corporation also took over two months to detect a cyber-attack.

Marriott International Inc. was fined another £18.4 million for failing to protect millions of clients' personal data. A data breach in 2014 exposed 389 million visitor records, and the ICO found that the company had not taken appropriate precautions to protect the personal data. Marriott, like British Airways, was unaware of the incident for four years.

Ticketmaster UK Limited was also fined by the ICO, $1.25 million, for failing to protect its clients' personal data. Inadequate security procedures allowed a cyber-attack on a chatbot on the company's online payment website. 9.4 million clients in Europe were affected, 1.5 million of them in the UK. The intrusion resulted in the unauthorized use of 60,000 credit cards, the investigation found.