The UK Information Commissioner’s Office (ICO) recently released its Annual Report and Financial Statements for 2010/11, reviewing data security and the ICO’s activities to combat the changing issues.
Although the reporting of data breaches is not a legal requirement, the ICO was informed about 603 data breaches in the 2010/2011 period. Of those, 186 (almost 1/3) were in the private sector. Despite this, businesses contacted by the ICO were mostly unwilling to undergo free data protection audits.
The ICO advises that businesses should be more willing to undergo data protection audits. This advice comes after only 19% of businesses accepted free data audits, while 71% of public sector companies did.
"These audits are not about naming and shaming those who are getting it wrong. The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service."
Over 100 public and private sector companies were offered free audits. Hopefully changing the perspective on audits will encourage more businesses to avail themselves of this free resource.