Businesses in the private sector, so often celebrated for their dynamism and innovation, are lagging behind the public sector in their knowledge and diligence of data protection law, according to the Information Commissioner's Office (ICO).
 

"Businesses need to show that they are taking data protection seriously," said Christopher Graham, the UK Information Commissioner. "Failing to do so could not only lead to enforcement action, it could also do significant damage to their reputation."

Fines of up to £500,000 for breaches of the Data Protection Act

The report's release comes within the same week as Mr Graham has announced he will use the fining powers granted in April this year before the end of November. As reported by IT Pro, the ICO has confirmed it will use its powers to issue fines of up to £500,000 for breaches of the Data Protection Act "soon".

Among the ICO's targets will be Google, whose data protection practices are to be audited by the ICO following the controversial case of its Street View Operation's gathering of information from unsecured wireless networks in the UK. Speaking at a data security event, Mr Graham said that the ICO's powers will mean that companies like Google "can see what happens if they don't go along with what we're submitting."

According to a report by Kable, the ICO says it has seen the majority of data losses from the health service as of 29 October: 377 incidents, some 30% of all the 1254 breaches reported to date. A further 360 cases have been identified in the private sector, along with 184 from local government bodies, 97 from central government, and 149 from other organisations in the public sector.