James Kelliher comments in Computer Weekly on recent ICO reprimands for individual data breaches

Associate James Kelliher discusses how the ICO reprimands are failing to hold those responsible for data breaches to account, in Computer Weekly.

James’s comments were published in Computer Weekly, 23 June 2023, and can be found here.

James Kelliher, an associate in law firm Keller Postman UK’s data breach team, said the ramifications of these particular breaches are “massive”, as the context in both cases means there is a real threat of violence occurring: “Obviously the witness has had to move home, whether they actually moved job or change to a different school it doesn’t really state, but they’re still at high risk.”

Kelliher added that while the reprimands from the ICO always lay out a number of remedial actions for the organisations to take, “no follow up is ever done” to ensure all the steps have been adequately implemented.

For Kelliher, this means the reprimands amount to little more than a “slap on the wrist”, and provide limited incentives for the organisations to make the necessary changes.

“We’ve said it for many years, and we’ll continue to say it – once a reprimand has been done, then they need to report back to the ICO within a six-month period to advise on what they’ve done to meet those actions,” he said, adding the ICO needs to go further to ensure trust in how such public institutions are handling people’s data. “Unless it’s followed up, and they’re accountable for it, nobody really knows what’s being put in place.”

In terms of legal liability, Kelliher said while any legal case would need to be taken forward on its merits alone, he would advise those affected by the TVP breach to “proceed immediately”.