Tuesday, August 28, 2018
Massive rise in data breach complaints post-GDPR
The Independent reports that complaints to the Information Commissioner’s Office (ICO) about potential data breaches have more than doubled since General Data Protection Regulations came into force in May. Apparently, the ICO received 6,281 complaints between 25 May and 3 July this year, a 160 per cent rise on the same period in 2017:
Under the General Data Protection Regulation (GDPR), companies can be fined €20 million (£16.5m) or 4 per cent of their worldwide turnover, significantly more than the maximum penalty of £500,000 available under the old law.
Greater media attention and government advertising have boosted individuals’ awareness of their data rights and there is now a more public focus on the accountability of businesses in this area, [commercial law firm] EMW said.
The figures show that firms holding sensitive personal information, including financial services, education and health were the most complained about, accounting for more than a quarter of the total.
Several companies have come under scrutiny for large-scale data breaches in recent months. On Friday, T-Mobile revealed that it had been hit by hackers who gained access to the details of around two million of its US customers.
That came two days after Superdrug warned its online customers in the UK to change their passwords after cybercriminals claimed to have obtained personal details from 20,000 accounts.
What is not clear however, is how many of these complaints have been upheld. Without that information it is difficult to make a judgement as to whether businesses really are struggling to implement the new regulations as the law firm allege, or whether there has just been a heightened awareness of data security amongst the general public leading to a greater number of complaints, many of which are based on misconceptions of the new law.
Under the General Data Protection Regulation (GDPR), companies can be fined €20 million (£16.5m) or 4 per cent of their worldwide turnover, significantly more than the maximum penalty of £500,000 available under the old law.
Greater media attention and government advertising have boosted individuals’ awareness of their data rights and there is now a more public focus on the accountability of businesses in this area, [commercial law firm] EMW said.
The figures show that firms holding sensitive personal information, including financial services, education and health were the most complained about, accounting for more than a quarter of the total.
Several companies have come under scrutiny for large-scale data breaches in recent months. On Friday, T-Mobile revealed that it had been hit by hackers who gained access to the details of around two million of its US customers.
That came two days after Superdrug warned its online customers in the UK to change their passwords after cybercriminals claimed to have obtained personal details from 20,000 accounts.
What is not clear however, is how many of these complaints have been upheld. Without that information it is difficult to make a judgement as to whether businesses really are struggling to implement the new regulations as the law firm allege, or whether there has just been a heightened awareness of data security amongst the general public leading to a greater number of complaints, many of which are based on misconceptions of the new law.
