ICO vents frustration as firms spurn free audit

Information Commissioner "disappointed" by poor response from private-sector firms it offered to help last year

The Information Commissioner's Office (ICO) has hit out at private-sector firms who have spurned its offer of a free data protection audit.

In 2010/11, the privacy watchdog wrote to 100 organisations it considered to be at high risk of a data breach. Just 19 per cent of those in the private sector accepted the offer of its services, compared with 71 per cent in the public sector.

The ICO's annual report showed that 603 data breaches were voluntarily reported in 2010/11, nearly a third (186) of which occurred in the private sector.

Information Commissioner Christopher Graham said private-sector firms' response had been "disappointing" given the level of risk they face.

"These audits are not about naming and shaming those who are getting it wrong," he said. "The fact that a company has undergone a consensual audit should count as a badge of honour, showing that the business takes data security seriously."

The ICO completed 26 audits in 2010/11, up 60 per cent on the previous year. Following the audits, the ICO found that 92 per cent of its recommendations were being acted upon.

Ross Brewer, vice president for international markets at vendor LogRhythm, said: "This year has been punctuated with a number of high-profile organisations that have fallen victim to data breach. As a result you would think those deemed high risk by the ICO would welcome its help in identifying and resolving any potential weaknesses.

"However, the behaviour of those refusing audits is indicative of the attitude that led to this situation in the first place. Too many organisations are in denial about the scale of the threat and the possibility that they will be affected."