ICO puts itself in the dock over data breaches

The UK's data protection watchdog has found itself in breach of the law at least 11 times over the past four years, the Evening Standard newspaper has revealed.

A freedom of information response disclosed that out of 40 complaints made to the Information Commissioner's Office since 2013, seven complaints ended with the ICO being ordered to take action to prevent further breaches, two with compliance advice being given, two with concerns raised and 29 with no breaches of the law being found.

On at least three occasions, ICO officials self-reported breaches after losing or accidentally releasing people's private data.

Liberal Democrat peer Lord Paddick, who made the initial FOI request, said the cases raised uncomfortable questions about how securely people's data were being held by Government organisations. "The ICO is responsible for ensuring that our data is being held safely and securely," he said. "The fact that they have managed to breach their own rules is extremely concerning."

In a letter to Lord Paddick's office the ICO said: "We oversee the Data Protection Act 1998 but we also have to comply with its requirements. This means that on occasion we will have to self-report to ourselves in our capacity as a regulator. It also means that individuals can raise complaints about us, to us, in our capacity as a regulator."