
Private Sector reports most data breaches – but they refuse free audits to rectify their problems.

An article in SC Magazine has highlighted that, although private companies have reported the most data breaches over the last 12 months, 79% haven’t agreed to a free data protection audit by the ICO.

Christopher Graham, Information Commissioner, said: “Lenders, general businesses and direct marketing companies account for almost a third of total complaints to the ICO, and businesses were the top sector for reporting data security breaches to us last year. Despite this, many of them are still resisting our offer to undergo audits. We’ve written to organisations we consider to be high risk but the response has been disappointing.

“These audits are not about naming and shaming those who are getting it wrong. The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously. After all, sound data protection practices are irrevocably linked to providing good customer service.”

There could be many reasons for this disparity. One could be that companies fear the censure of the ICO and worry that an audit may lay them open to a financial penalty, which makes them reluctant to accept one.

Mike Smart at SafeNet agrees with this theory:

“While the ICO doesn’t want to come across as naming and shaming, recent high-profile security breaches are making organisations really anxious. The issue here is one of trust: what happens if a high-profile company accepts a free security audit and it uncovers security vulnerabilities that the ICO deem they should have known about and been prepared for? Will they be under scrutiny from the ICO for future?

“My point would be that organisations are reluctant to be audited because they fear the censure of the ICO and how an audit may lay them open to financial penalties. It is something of a Catch 22 and a solution needs to be found if high risk organisations aren’t ready to open up on these concerns.”

Absolute Data provides three data protection services, starting from just £30 a week for DataWise, a service that ensures organisations are compliant in data protection and privacy management, giving expert knowledge and advice and reducing the risks that your business might take.

To find out more about this service, as well as our other bespoke data protection packages, DataSure and DataCheck, please email us now at info@absolute-data.co.uk