Charities were responsible for 4 per cent of the self-reported data-protection incidents that were handled by the Information Commissioner’s Office in 2016/17, new figures show.
According to ICO data published today, the data regulator dealt with a record 20,919 data-protection complaints and self-reported incidents across all sectors in the year to 31 March, a rise of 14 per cent on the previous 12 months.
In 2016/17 it was alerted to 2,565 breaches of data-protection law by the organisations involved, an increase of 31.5 per cent on the year before.
Of these, 4 per cent – approximately 103 cases – involved charities, making charities the sector with the joint fifth-highest proportion of self-reported incidents, alongside solicitors and policing.
The health sector accounted for 41 per cent of self-reported incidents, local government accounted for 11 per cent, general business for 9 per cent and education for 6 per cent.
The ICO finished dealing with 2,445 self-reported incidents in 2016/17 and handed out monetary penalties in 17 per cent of cases, but was unable to confirm this morning whether any of these involved charities.
In 1,680 cases no action was required, in 638 cases the data controller was required to act and in 68 cases an improvement plan was agreed between the ICO and the data controller. Again, the ICO was unable to say which of these cases involved charities.
In a statement, the ICO said it had become easier for organisations and the public to alert the regulator to concerns because of its new live chat services and online reporting tool for the public and new self-assessment tools for organisations.
Charities were not listed among the 10 sectors causing the most complaints from people outside the organisation, and the ICO did not say in its report how many complaints they had been responsible for.
The ICO also published statistics about the number of issues it had dealt with in relation to marketing and nuisance calls across all sectors.
It received 167,018 complaints about marketing that broke the Privacy and Electronic Communications Regulations 2003 and handed out a record 23 fines, totalling more than £1.92m, for what it called "a range of unlawful marketing activities".
But the ICO did not say which sectors these fines had been issued to or whether any of the organisations so fined had been charities.