UK: Axway provides statistics on complaints to the ICO

Axway issued a press release with some interesting statistics on complaints made to the Information Commissioner Office (ICO). They obtained the data under Freedom of Information requests.

Here are some of the statistics they compiled:

  • Since April 2010, 35%  of complaints to the ICO  involved disclosure of personal data and security breaches. This year alone,  the ICO received 1,002 complaints that raised concerns over the disclosure of personal data or breaches of the DPA  –  an average of eight a day.
  • Since its inception, the ICO has received 26,227 data protection complaints that resulted in serving 14 monetary penalties, equating to a mere £1,171,000 in total fines.

Of course, the ICO didn’t have the authority to impose fines until 2008, but there’s still a significantly low fine:incident ratio.  Here’s a breakdown of complaints by year:


  • 10,598 complaints made in relation to breaching DPA
  • 1,722 complaints made related to disclosure of data
  • 657 complaints related to security
  • 3,781 companies were specifically complained about, with financial organisations and government bodies heralding amongst in the top 10 worst offenders


  • 10,074 total complaints requesting assessment under the DPA
  • 1,834 complaints related to disclosure of private data
  • 620 complaints involved security breaches
  • 4,036 companies were specifically complained about for alleged breaches of DPA

2012 To-date

  • 771 complaints about a breach of the DPA raising concerns over personal data
  • 231 complaints concerning security of personal data

If one extrapolates from the partial 2012 data, it looks like 2012 may see more complaints about personal data and security breaches than either of the previous two years.

The table below, provided by Axway, provides an analysis by sector for 2010 v. 2011. They note, ” Interestingly, with the exception of debt collectors making last year’s Top 10 DPA Worst Offender League Table, (which is probably a symptom of the current economic climate), financial lenders and government continue to take the top spots year on year:”

Top 10 DPA Sector Worst Offenders League Table
Ranking 2010 No. of complaints Ranking 2011 No. of complaints
1 Lenders 1,851 1 Lenders 1,505
2 Local Government 1,012 2 Local Government 1,068
3 General business 876 3 General business 1,053
4 Health 825 4 Health 941
5 Central Government 756 5 Central Government 662
6 Policing 665 6 Policing 482
7 Telecoms 512 7 Telecoms 428
8 Education 339 8 Education 361
9 Insurance 304 9 Insurance 334
10 Internet 299 10 Debt Collectors 309


You might think with data such as these that the ICO would start handing out some steep fines to the financial sector as a possible deterrent, but while the ICO has handed out a number of fines to local councils, it has not really gone after the financial sector, raising the question, why?

About the author: Dissent

Comments are closed.