Header image

ICO Issues Stark Warning Over Victims of Data Breaches

“Organisations need to understand that the harm doesn’t end with the breach – that is only where it begins."

Too many organisations fail to fully appreciate the harm they cause when they mishandle personal data, and don’t consider the person that is affected. 

In a blog post, Information Commissioner John Edwards said some breaches “can lead to stigma, fear, discrimination, or even physical danger” for vulnerable people, and the harm they suffer isn’t taken seriously by the organisations responsible. 

“Organisations need to understand that the harm doesn’t end with the breach – that is only where it begins,” he said.

Data Protection About People

Edwards said that data protection has never been about computers or robots, it's about people and in figures revealed by the ICO, it found that 55 percent of adults have had their data lost or stolen - nearly 30 million people - and 32 percent of those affected find out through the media rather than from the organisation itself.

“These numbers highlight a critical issue: too many organisations fail to fully appreciate the harm they cause when they mishandle personal data,” he said. “When a data breach occurs, it’s not just an admin error – it is a failure to protect someone. In many cases if that someone is in a vulnerable situation, they are already facing innumerable personal challenges, or they may be at risk of harm.”

Stark Warning

This led him to issue ‘a stark warning to organisations across the country’, that they must do better. He said many organisations may see a data breach as a temporary setback, but from the perspective of individuals - especially those in vulnerable situations - a breach can have a far-reaching ripple effect that disrupts their lives in ways that some may not fully appreciate.

“We need organisations to step up, to do better, and to recognise the critical importance of data protection in safeguarding people’s lives,” he said. “The ICO is here to help you navigate these challenges. But make no mistake: we expect more from you. 

“The stakes are too high to get it wrong. At the end of the day, it’s not just about protecting data. It’s about protecting people.”

He concluded by saying that the ICO remains committed to working alongside organisations to help them improve their data protection practices, and has published new guidance to support in this endeavour.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.

Upcoming Events

No events found.