Businesses are conspiring to conceal data leaks from the ICO

Many are consulting law firms to determine just how much they can get away with

Businesses are ducking legal action by not reporting data leaks that they can conceal

There are just as many data breaches that go under the Information Commissioner’s Office (ICO) radar as are discovered, according to a key speaker at a data protection roundtable today.

The roundtable was hosted by security firm Sophos, with guests from Lloyd’s Banking Group, Vodafone and Everything, Everywhere, and law firm Field Fisher Waterhouse (FFW).

Stewart Room, partner at the Privacy and Information Law Group of FFW, explained that when many businesses become aware of a data leak, they will carry out a risk assessment with their lawyers.

“When businesses find out about a data leak, they sit down with the lawyer and discuss the likelihood of the news leaking,” said Room.

“They try to work out the chance of the public finding out or a member of public telling the press or the ICO, then make a judgment call based on this. Very often they'll ride it out. Many choose to bury bad news," he said.

The ICO recently revealed that the number of data breaches involving personal information reported to the body surpassed the 1,000 mark, and has increased by 30 per cent year on year, with an estimated equivalent number of breaches going unreported.

Room argued that the current legislation is ineffective and called for an amendment to the Data Protection Act allowing citizens to file a court case where their personal data has been leaked.

As it stands, ordinary citizens do not have the option of court action if their personal details have been leaked.