The UK Information Commissioner’s Office has released its annual report for 2017/18 which hints the UK is starting to present the right attitudes to privacy and data protection.
Privacy and data protection are areas of the technology world which everyone seems to deeply care about, but few seem to want to do anything. Consumers are constantly shocked about the lack of protections offered to their personal information by leaky organizations, but the same consumers are always more than willing to hand over data when it means avoiding payment. It has seemed to be a bugbear of convenience for the consumer, but perhaps this report indicates these attitudes are changing.
“This is an important time for privacy rights, with a new legal framework and increased public interest,” said UK Information Commissioner Elizabeth Denham. “Transparency and accountability must be paramount, otherwise it will be impossible to build trust in the way that personal information is obtained, used and shared online.”
Denham and her team do of course have a challenging task. In the mission statement of the Information Commissioner’s Office some very lofty goals are listed, increasing the public’s trust and confidence in how data is used for instance, or improving standards of information rights practice across industry, though winning this battle will rely not only on companies taking their responsibilities more seriously, but also consumers realising it is also their duty to manage their own personal data. Sceptics would argue neither of these ideas are being taken seriously at the moment, though optimists might point towards the statistics.
The report claims 235,672 calls were received by the ICO’s helpline, an increase of 24.1% year-on-year, while 30,469 live chats were requested, up 31.5%. The caseload from 31 March 2018 to the same date in 2018 has increased from 115 to 3526. Over the course of the year, 21,019 calls were focused on data protection, a 15% increase from 2017, with most people concerned about subject access (39%), the disclosure of data (16%), its accuracy (11%) and securing the right to prevent processing (9%). The sceptics might still have a case that privacy and data protection is not being taken seriously, the fact enquiries and complaints are heading upwards suggests the general public and businesses are starting to acquire a new appreciation for how the digital economy works, as well as the risks.
On the data breach front, the number of self-reported cases is also on the up. 3,172 incidents were reported to the ICO over the course of 2017/18, a 29.6% increase. The majority of these case did not result in a fine, there is wiggle room if a company is able to demonstrate its approach to security could be deemed stringent, though healthcare is proving to be the most porous in the UK, accounting for 36% of the incidents.
Security has seemingly never been a top priority for many organizations, except when trying to generate PR points, though the same could be said of the consumer. The last 12-18 months has seen a change in attitude towards personal information, consumers are more sensitive about giving information out freely, though there does seem to be a lack of understanding of how terms and conditions work in the app economy. How many realise that by playing Clash of Clans, the user is effectively handing over ownership of a lot of personal information?
Awareness is only one area of the industry which needs work, as the ICO also points out there are still a few risks on the horizon. There is still uncertainty over the final wording of the upcoming Data Protection Bill and its enactment, while operational changes necessary to regulate GDPR will cause issue, as will introducing a new funding regime for data protection work.
A lot is changing on the regulatory front, but the worrying question about bureaucrats still remains; are they able to keep up the pace and sheer breadth of change which is constantly taking place in the technology world?