The number of whistleblower reports made to the Information Commissioner’s Office (ICO) concerning data breaches increased by 34% in the last year, bringing it to a record high.

Between April 2019 and March 2020, employees made 427 complaints to the UK’s data regulator, up from 319 in 2018/9, according to law firm RPC.

The ICO took further action in 68 out of the 427 whistleblower reports last year, with 23 considered for investigations. In the previous year, the ICO considered 55 for investigation.

The rise in whistleblower reports coincides with the introduction of GDPR in May 2018. The stricter data regulation threatens financial penalties of up to 4% of global annual turnover for companies that break it.

In July 2019 the ICO announced its intention to fine hotel chain Marriott £99m for failing to protect guest records from hackers, as well as British Airways £183m for breach that saw criminals still customer payment details.

Increased awareness around data protection laws since GDPR’s introduction may explain the increase in whistleblower reports, said RPC.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The ICO has also been encouraging employees to come forward with concerns about data mishandling.

“Whistleblowing is now a major risk for businesses that fail to deal with a data breach properly, or who have failed to take reasonable steps to protect the data they hold on their customers,” said Richard Breavington, partner at RPC.

“This makes it more important than ever for businesses who do fall victim to a data breach to respond quickly and to inform the ICO of the data breach if necessary, within the right deadline and ensure customers are informed when they are exposed to a major risk.”

During the pandemic, the ICO has said it will be more flexible when investigating organisations and take into account the challenges they face.

However, Breavington said it would be “wrong to think that is a free pass”.

“With millions of employees continuing to work from home, businesses need to have clear practices in place,” he added.

“For example, recommending multi-factor authentication if employees are using their own devices for work and advising employees to update software regularly so it’s at a lower risk of being hacked into.”


Read more: ICO Children’s Code mandates changes to websites, games and apps