The ICO issued, in the past 12 months, more fines for PECR (Privacy and Electronic Communication Regulations) breaches than ever before. The ICO’s 2016-17 Annual Report, issued today, reveals that the ICO issued 23 penalties totalling £1,923,000. One of the largest fines was £270,000, served on Road Traffic Consult trading as Media Tactics for making 22 million unsolicited automated marketing calls to members of the public.
The ICO also issued 16 civil monetary penalties for breaches of the Data Protection Act, totalling £1,624,500. The largest fine was a £400,000 penalty imposed on TalkTalk.
There were 21 criminal convictions: six convictions for non-notification offences, four convictions for failing to respond to an information notice, and eleven convictions for unlawfully obtaining data. In addition, five cautions were issued for offences under section 55 of the DP Act.
During the year, the ICO conducted 35 audits, 22 information risk reviews; 23 follow-up audits and 58 advisory visits to small and medium sized enterprises (SMEs).
The number of data protection enquiries are on the rise. The ICO received 18,300 complaints which included 300 Right to be Forgotten cases. The ICO intervened in a third of these cases, asking search engines to remove the information. Of all complaints, the ICO was able to resolve 90% of the cases within three months of receipt.
The number of complaints about freedom of information was similar to the previous year with over 5,400 new cases received and 5,100 closed during the year. In two-thirds of the cases, the ICO was able to give a decision within three months, and the majority of cases were concluded within six months of receipt. The ICO issued 1,329 formal decision notices.