Spike in Complaints to ICO Signals Growing Data Breach Concerns
Recent data reveals a significant increase in complaints regarding potential data breaches, with reports to the Information Commissioner’s Office (ICO) more than doubling since the implementation of stricter regulations in May. According to statistics from commercial law firm EMW, the ICO documented 6,281 complaints filed between May 25 and July 3 of this year, marking a 160 percent rise compared to the same time frame in 2017.
This surge in complaints coincides with the General Data Protection Regulation (GDPR) becoming enforceable. The regulation imposes hefty penalties on companies for non-compliance, including fines up to €20 million ($16.5 million) or 4 percent of a company’s global revenue. This is a stark contrast to the previous maximum fine of £500,000 permitted under the older legislation, emphasizing the heightened accountability businesses face regarding data protection.
EMW attributes this increased volume of complaints to heightened public awareness driven by intensified media coverage and government advocacy regarding data rights. As individuals become more informed about their rights concerning personal data, there is now greater scrutiny placed on companies’ accountability in protecting sensitive information.
Notably, sectors that manage sensitive personal data—such as financial services, education, and healthcare—were identified as the most frequent sources of complaints. These industries collectively accounted for over a quarter of all reports to the ICO. The rise in complaints is expected to challenge these businesses as they adapt to evolving regulatory pressures.
Several organizations have come under criticism for significant data breaches in recent months. T-Mobile disclosed a cyber incident that compromised the data of approximately two million customers in the U.S. This revelation followed closely after Superdrug, a UK-based pharmacy, advised its online customers to change their passwords due to claims from cybercriminals that they had accessed the personal data of 20,000 accounts.
James Geary, a principal at EMW, expressed concern over the implications of the growing number of complaints for businesses facing stricter penalties under GDPR. He remarked that the upsurge in complaints could overwhelm companies that may already be struggling with compliance and data security obligations.
The regulatory framework under GDPR has simplified the process by which individuals can request access to their stored data, thereby contributing to the influx of requests. Geary noted that some individuals may be leveraging GDPR’s provisions aggressively, presenting a new challenge for businesses as they navigate compliance while addressing individual inquiries regarding data protection.
As organizations grapple with these new realities, the increased volume of complaints and breach incidents underscores the imperative for robust cybersecurity strategies. Frameworks like the MITRE ATT&CK Matrix provide valuable insight into the adversary tactics and techniques that could be used in data breaches, including initial access, privilege escalation, and persistence. Businesses must remain vigilant in understanding these tactics to bolster their defenses against ongoing and emerging threats.
Overall, the spiking number of complaints reflects an urgent need for businesses to reassess their approaches to data security, ensuring they are not only compliant with regulations but also proactive in safeguarding user data against potential breaches.