Triangular chairs with a gleam of sun rays shining through.

ICO received 309 whistleblower reports from UK employees over data protection failures in last year

Published on 22 March 2022

• Employees' concern over reports coming from sectors that hold sensitive information, such as Healthcare and Education

The Information Commissioner’s Office (ICO) received 309 whistleblower reports in the last year* from employees over data protection failures at their employers says RPC, the international law firm. 

RPC says there are concerns that whistleblower reports are coming from areas that may hold particularly sensitive information, such as healthcare, education and childcare. 

  • Healthcare, 43 whistleblower reports in the last year
  • Education and childcare, 14 whistleblower reports in the last year

Other sectors which saw reports include: General Business (49), Finance, Insurance and Credit (18) and Local Government (18).
Employees typically notify the ICO when they feel a business has not responded properly to a personal data breach or is unlawfully sharing or using personal data of customers.

Partner Richard Breavington explains that employees, as with the wider public, are becoming much more sensitive to any breach of data protection rules to the point that they want to ensure employers  act sensibly.

Richard Breavington explains: “Some employees feel so strongly about how data is being treated in the workplace that they are anonymously reporting to the ICO. 

"While all sectors unquestionably understand the need to keep sensitive data protected, some have enforced more stringent practices, as reflected by a relatively lower number of complaints.

“Employees will also know that the ICO has the powers to levy a potentially significant fine on that employer. Employers are aware of that as well and look to ensure sensitive data held by them is secure and handled with appropriate care.”

Under GDPR, organisations can be fined up to 4% of their global turnover. The ICO’s largest fine to date of £20m was given to a major airline operator following a data breach that affected millions of customers.

*October 31st year end.