ICO Issues Annual Report on Privacy for 2017-2018
The UK Information Commissioner's Office (ICO) published its annual report last week for 2017-2018. For those not familiar with the office (perhaps because you were not required to work toward GDPR compliance and are only joining us now because of the California Consumer Privacy Act), the ICO is the UK's independent regulator for data protection and information rights law. It is the primary regulator for data privacy and security under GDPR in the United Kingdom.
The report covers the 12 months through the end of March 2018, so it does not cover the last quarter of the GDPR run-up or the first few months of GDPR in effect. We will have to wait until next year for that information. The data protection legislation in effect for the entire period of the report was the Data Protection Act 1998.
The annual report describes the ICO's efforts to get the word out about the upcoming privacy law. Based on the numbers, there were, simply put, a lot of questions. The ICO answered more than 235,000 calls to its helpline and just over 29,000 live chats during the 12 months. The ICO's Guide to GDPR on its website has been viewed 2.5 million times.
Civil Monetary Penalties:
The ICO handed out its largest number and total value of civil monetary penalties: 26 for breaches of electronic marketing laws, 11 for serious security failures and another 11 fines to charities. In total, nearly £5 million in fines was issued. That is not a significant amount of fines yet, but it is likely to increase significantly under the authority of GDPR, which authorizes fines of up to 4% of annual global revenue.
The overview also briefly mentions that the ICO launched the Facebook / Cambridge Analytica investigation and that it is ongoing. Although not mentioned in the report, the ICO has indicated that it will levy the maximum possible fine on Facebook as a result.
Data Protection Complaints:
The number of complaints was up 15% over 2016-2017. The ICO received just over 21,000 complaints during 2017-2018. About 31% of the complaints ended in no action and about 35% involved an explanation by the ICO to the Data Controller about how to improve their information practices.
Breach Notifications:
The number of self-reported data breaches went up 29% over 2016-2017. The health sector made up 37% of the breach reports. The next highest sector was education at 11%.
Enforcement Sweeps:
The ICO led the 2017 Global Privacy Enforcement Network Sweep, in which 24 regulators from around the world looked at the control users have over their personal information. The ICO reviewed 30 websites in the travel, finance and retail sectors, often finding that the privacy disclosures were inadequate. Overall, the privacy policies, communications and practices of 455 websites and apps worldwide were assessed.
The Unsolicited Communications Network Sweep, run with the Canadian Radio-Television and Telecommunications Commission, saw nine regulatory and enforcement agencies from five countries visit just over 900 websites in connection with consumer complaints relating to affiliate marketing.
Here is the link to the full report.
Contact Clarip for Help with Your Privacy Program
The Clarip data privacy software and team are available to help improve privacy practices at your organization. Click here to contact us (return messages within 24 hours) or call 1-888-252-5653 to schedule a demo or speak to a member of the Clarip team.
If you are working towards GDPR compliance, we can help through our modular GDPR software. Whether you are starting the process with GDPR data mapping software, need privacy impact assessment software, or are looking to meet ePrivacy requirements with a cookie consent manager, Clarip can help strengthen your privacy program.
If CCPA compliance in 2020 is on your radar, ask us about our California Consumer Privacy Act software. Improve the efficiency of responses to data subject access requests with our DSAR Portal, or provide the right to opt out of the sale of personal information with our consent software.