UK’s data watchdog the ICO has only collected half of data breach fines since 2010

The UK’s data watchdog, the Information Commissioner’s Office (ICO), has reportedly only collected half of data breach fines since 2010.

One of the major problems the ICO is apparently facing is the organisations who are responsible for the data breaches going into liquidation and avoiding large fines, which the ICO has little power to stop. Despite the ICO asking the government for the power to enforce fines against company directors, something the government reportedly said they would look at in 2016, they remain unable to pass fines on to bosses, leaving a large loophole in the data breach justice system.

Although there are some legitimate reasons as to why there are companies who don’t pay the fines right away – appeals and instalment plans being two of them – there are reportedly millions of pounds in unclaimed fines that have not been collected because the companies responsible for the data breaches have gone into liquidation.

What’s perhaps worse is the fact that some of these organisations who have avoided paying ICO fines by going into liquidation have engaged in blatant data breaches, making it likely that they knew full well they would be able to get away with their behaviour and avoid the fine. A lot of these companies are the ones who are breaking electronic communication laws for marketing with nuisance calls and test massages.

With the new GDPR in force that can allow fines to amount to millions, it’s clear that the ICO are in need of far greater powers to be able to enforce fines and ensure money is collected. Without the ability to properly enforce fines, some punishments are meaningless.

When people know they can get away with such behaviour, they will.

On the request for the ability to enforce fines against directors, Information Commissioner, Elizabeth Denham, said: “We hope the law change will come to fruition soon to increase the tools we have to protect the public from this modern menace.”