ICO investigates 791 reported breaches of the Data Protection Act

Company news

London – June 2015

Egress Software Technologies, a leading provider of encryption services, has today released figures from a Freedom of Information (FOI) request to the Information Commissioner’s Office (ICO) that demonstrate a concerning 183% rise in reported Data Protection Act (DPA) breach investigations within the financial services industry in the last two years. This increase saw an alarming 585 incidents reported to the ICO during 2014 alone – more than three times the amount of incidents reported by the legal sector for the same period, which reported 187. In total, 791 incidents have been investigated since the start of 2013.

The research shows that all of the UK’s major banks and lenders – including Barclays, HSBC, Lloyds Banking Group, Natwest, Nationwide and Santander – have reported multiple incidents to the ICO in the last two years. These figures come at a time of increased scrutiny of how the financial services industry handles confidential personal and corporate data. Most recently, the Bank of England was revealed to have inadvertently sent highly sensitive financial information regarding the UK’s EU membership to the wrong email address. In fact, human error continues to drive up the number of breaches in all sectors, with the findings of a FOI request submitted by Egress in November 2014 revealing it responsible for 93%.

Across all industries, the ICO has issued civil monetary penalties in excess of £7.5m, £455,000 of which were levied against financial services organisations. This figure could potentially be set to rise when proposed reforms to the EU General Data Protection Regulation comes to power in the coming years. It is expected that the new legislation will introduce fines of up to 2% of annual turnover for a breach.

Egress CEO Tony Pepper comments: “The financial services industry has a responsibility to us all to ensure that the information they manage on our behalf, including bank accounts, mortgages and insurance policies is protected in a highly secure way. Today’s report, however, casts some major concerns over the mistakes they’re making with the information entrusted to them, whether that be citizens’ personal details or highly confidential reports about the economic future of the country. It is staggering to see financial services firms reporting more than three times the number of incidents than the legal sector, which has recently come under targeted fire from the ICO. Today’s findings suggest that similar, if not harsher, criticism ought to be levied at the banks, building societies and insurance firms too.

“With planned reforms to EU General Data Protection Regulations, the financial services industry must take action now or risk falling foul of laws that could see much tougher penalties handed out for a data breach. In fact, it is interesting to note that the monetary penalties issued by the ICO to this sector have historically been so low – perhaps one of the reasons we’re seeing such apparent complacency when it comes to encrypting and controlling the sensitive information financial firms hold. The technology exists for this industry to secure their confidential information – now more than ever is the time for them to implement it.”

Contact our PR team

Jordan Brackenbury

Jordan Brackenbury

Public Relations Manager

Email Jordan

REBECCA BAILEY MAR LON 02

Rebecca Bailey

Senior Corporate Marketing Manager

Email Rebecca

About Egress

Our mission is to eliminate the most complex cybersecurity challenge every organisation faces: insider risk. We understand that people get hacked, make mistakes, and break the rules. To prevent these human-activated breaches, we have built the only Human Layer Security platform that defends against inbound and outbound threats. Using patented contextual machine learning we detect and prevent abnormal human behaviour such as misdirected emails, data exfiltration, and targeted spear-phishing attacks.

Used by the world’s biggest brands, Egress is private equity backed and has offices in London, New York, and Boston.

You might also be interested in ...