Companies Most Likely To Commit A Data Breach

The request was partially successful.

Dear Information Commissioner’s Office,

I would like to submit a request to find out the type of businesses most likely to breach a data protection act. I understand you might keep records of all logged data protection breaches, and would like this information as divided by region (in the UK and overseas if applicable in any circumstance), and divided by industry sector.

It would also be good to have names of organisations where appropriate.

Yours faithfully,

Jessica Pardoe

AccessICOinformation, Information Commissioner's Office

Thank you for contacting the Information Commissioner’s Office. We confirm
that we have received your correspondence.

If you have made a request for information held by the ICO we will contact
you as soon as possible if we need any further information to enable us to
answer your request. If we don't need any further information we will
respond to you within our published, and statutory, service levels. For
more information please visit:

[1]https://ico.org.uk/about-the-ico/our-inf...

If you have raised a new information rights concern - we aim to send you
an initial response and case reference number within 30 days.

If you are concerned about the way an organisation is handling your
personal information, we will not usually look into it unless you have
raised it with the organisation first. For more information please see our
webpage ‘raising a concern with an organisation’ (go to our homepage and
follow the link ‘for the public’). You can also call the number below.

If you have requested advice - we aim to respond within 14 days. 

If your correspondence relates to an existing case - we will add it to
your case and consider it on allocation to a case officer.

Copied correspondence - we do not respond to correspondence that has been
copied to us.

For more information about our services, please see our webpage ‘Service
standards and what to expect' (go to our homepage and follow the links for
‘Report a concern’ and ‘Service standards and what to expect'). You can
also call the number below.

For information about what we do with personal data see our [2]privacy
notice.

If there is anything you would like to discuss with us, please call our
helpline on 0303 123 1113.

Yours sincerely

The Information Commissioner’s Office

Our newsletter

Details of how to sign up for our monthly e-newsletter can be found
[3]here.

Twitter

Find us on Twitter [4]here.

 

References

Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/global/privacy-notice/
3. https://ico.org.uk/about-the-ico/news-an...
4. http://www.twitter.com/ICOnews

Information Commissioner's Office

25 March 2019

 

Case Reference Number IRQ0830764

 

Dear Ms Pardoe,

Request for Information
 
Thank you for your correspondence which we received on 19 March 2019, in
which you have made a request for information held by the Information
Commissioner's Office (ICO). 
 
Your request has been passed to the ICO’s Information Access Team, and is
being dealt with in accordance with the Freedom of Information Act 2000
under the reference number shown above. 
 
As you are probably aware the FOIA provides individuals with the right of
access recorded information held by public authorities. It is important to
note that a release under FOIA is applicant blind and therefore
effectively a release to the wider world.
 
We will respond to your FOIA request promptly, and no later than 16 April
2019, which is 20 working days from the day after we received your
request.
 
Should you wish to reply to this email please be careful not to amend the
information in the ‘subject’ field. This will ensure that your reply is
added directly to your case.
 
Yours sincerely
 

Shannon Keith
Senior Information Access Officer, Risk and Governance Department
Corporate Strategy and Planning Directorate
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow,
Cheshire SK9 5AF
T. 0330 313 1636  F. 01625 524510  [1]ico.org.uk  [2]twitter.com/iconews
For information about what we do with personal data see our [3]privacy
notice.
Please consider the environment before printing this email

 
 
 
 
 
 

References

Visible links
1. http://ico.org.uk/
2. https://twitter.com/iconews
3. https://ico.org.uk/global/privacy-notice/

Information Commissioner's Office

5 April 2019

 

Case Reference Number IRQ0830764

 

Dear Ms Pardoe,

Request for Information
 
Thank you for your recent request for information. We received your
request on 19 March 2019. Further to my acknowledgement on 25 March 2019
we are now in a position to provide a response
 
I have dealt with your request in accordance with your ‘right to know’
under section 1(1) of the Freedom of Information Act 2000 (FOIA).
 
Request
 
In your email you asked:

“I would like to submit a request to find out the type of businesses most
likely to breach a data protection act. I understand you might keep
records of all logged data protection breaches, and would like this
information as divided by region (in the UK and overseas if applicable in
any circumstance), and divided by industry sector. It would also be good
to have names of organisations where appropriate.”

Response
 
Publicly available datasets
 
I can advise you that the information you have requested is available on
our website as we publish datasets regarding our data protection casework.
Datasets are available back to the 2014/15 Financial Year. By following
[1]this link you can search any organisation or sector you are interested
in to see how many cases have been reported about them.
 
You can filter each column to help you locate the information you are
seeking. For example, data protection breaches reported by data
controllers can be found by filtering column B ‘Case Type’ to ‘DPA
Compliance – Compliance Request’. You can filter by industry sector in
column ‘H’ and the name of the specific organisation is in column ‘P’.
 
While the ICO has offices in England, Scotland, Wales, and Northern
Ireland, we are the independent body set up to uphold information rights
for the whole of the UK so our casework isn’t divided by region or
country.
 
Datasets are available up to the end of 2017 and we intend to soon publish
information for 2018 and 2019. Although we are behind at this time I can
confirm that we are looking at the first half of 2018 in bulk with a view
to publishing these statistics in the near future. Further documents will
then be published on a monthly basis again.

You can find further information on our data protection case outcomes
[2]here. 
 
Published regulatory action
 
You may also be interested in enforcement action the ICO has taken in
relation to data protection breaches. We publish information about
enforcement notices, monetary penalties, undertakings, and prosecutions on
the [3]Action We’ve Taken page on our website.
 
A database of the civil monetary penalties we’ve issued is available
[4]here. This database can again be sorted by organisation or sector, and
also provides information regarding the nature of the breach and the
amount of the monetary penalty issued.

As this information is publicly available, it is technically withheld
under Section 21 of the FOIA – information accessible to the applicant by
other means. This concludes my response.
 
Review Procedure
 
I hope I have answered your question and provided you with some useful
information. However, if you are dissatisfied with this response and wish
to request a review of our decision or make a complaint about how your
request has been handled you can write to the Information Access Team at
the address below or e-mail [5][ICO request email].
 
Your request for internal review should be submitted to us within 40
working days of receipt by you of this response.  Any such request
received after this time will only be considered at the discretion of the
Commissioner.
 
If having exhausted the review process you are not content that your
request or review has been dealt with correctly, you have a further right
of appeal to this office in our capacity as the statutory complaint
handler under the legislation. To make such an application, please write
to our Customer Contact Team at the address given or visit our website if
you wish to make a complaint under the Freedom of Information Act.
 
A copy of our [6]review procedure can be accessed from our website.

Yours sincerely
 
Shannon Keith
Senior Information Access Officer
Information Commissioner’s Office
 
T. 0330 313 1636
 

References

Visible links
1. https://ico.org.uk/about-the-ico/our-inf...
2. https://ico.org.uk/media/about-the-ico/d...
3. https://ico.org.uk/action-weve-taken/
4. https://ico.org.uk/media/action-weve-tak...
5. mailto:[ICO request email]
6. https://ico.org.uk/media/1883/ico-review...