Companies that fail to keep personal data safe risk long-lasting reputational damage, the UK privacy watchdog warns.
According to a YouGov poll commissioned by the Information Commissioner’s Office (ICO) to mark European Data Protection Day, nearly 80% of UK consumers would think twice about doing business with an online company that has failed to protect personal data.
The negative impact created by media coverage of data breaches can have a greater effect than the ICO’s monetary penalties, according to information commissioner Christopher Graham.
“Companies that play fast and loose with people’s personal information risk the wrath of the ICO, and that means fines of up to £500,000,” he is expected to tell the Advertising Association’s leadership summit in London.
“A heavy fine is bad enough, but the time, energy and money it takes to rebuild customer confidence can be as severe a punishment as the fine itself.”
The YouGov poll also shows that 20% of UK consumers would stop using a company’s services after hearing news of a data breach, while 57% would consider stopping. Only 8% said the coverage would make no difference and 14% said they did not know.
Commenting on the YouGov poll, Graham said the knock-on effect of a data breach can be devastating for a company. “Getting hit with a fine is one thing, but when customers start taking their business – and their money – elsewhere, that can be a real body blow.”
However, the ICO said keeping personal data secure is just part of the picture, as 95% of those polled by YouGov said it was “very” or “fairly” important that companies were clear from the outset about how their personal information would be used. Some 94% said it was “very” or “fairly” important that their information was not shared with other companies, and 96% said it was “very” or “fairly” important for companies dealing with personal details to keep that data secure.
“It is clear that people care about what happens to their personal information. Getting it right is not only an obligation under law, but it should be central to an organisation’s reputation management,” the information commissioner said.
Although £500,000 is currently the maximum monetary penalty for serious breaches of the UK’s data protection law, UK companies will face much bigger fines under forthcoming European legislation.
The General Data Protection Regulation that is expected to come into force across Europe in 2018 provides for fines of up to €20m or 4% of global annual turnover, whichever is the greater.