Information Commissioner: Companies ‘must do better’ to tackle ‘ripple effect’ of data breaches

Information Commissioner (ICO) John Edwards has called on businesses “to do better” and stop the “ripple effect” of data breaches as new findings show almost 30 million people in the UK have had their data lost or stolen.

Edwards has urged for “empathy and action” after research suggested a lack of support for those who had suffered a breach.

Gathering more than 5,500 responses, an ICO survey found more than half of UK adults have had their data lost or stolen, with 30 per cent of them having experienced emotional distress as a result. However, a quarter said they received no support from the organisations responsible and almost two thirds revealed they had found out about the breach through the media rather than from the organisation itself.

The commissioner said: “There are two important things I need organisations to understand: empathy and action. You have a role to stop the negative ripple effect in someone’s life from spreading further. It is vitally important to acknowledge what has happened, be human in your response and commit to making sure it doesn’t happen again.”

Other qualitive research carried out by the ICO revealed some victims had felt forced out of their job and faced discrimination following a breach, while others had had to move homes.

John Edwards said people in vulnerable situations - such as survivors of domestic abuse and those living with long-term health conditions- are often disproportionately affected by such breaches, adding the unauthorised disclosure of their personal data can lead to “stigma, fear, discrimination, or even physical danger.”

Edwards said: “We trust organisations with some of the most sensitive personal information imaginable, yet these data breaches continue to happen. This is not just an admin error – it is about people. When data is mishandled, it can have serious and long-lasting consequences, particularly for people in vulnerable situations. We need organisations across the country to do better.”

The commissioner’s statement follows on from a string of high-profile data breaches across the UK. In February, NHS Dumfries and Galloway was hit by a cyber-attack which led to a “large volume” of personal data being leaked onto the dark web, while in September 5,000 people had their details hacked after Transport for London suffered an attack.

He added: “The stakes are too high to get it wrong. At the end of the day, it’s not just about protecting data. It’s about protecting people.”