Whistle-blower reports to the ICO at record high in the last year – up 34%

Published on 07 September 2020

The number of whistle-blower reports made to the Information Commissioner’s Office (ICO) about potential data breaches and the misuse of customer information by organisations* is at a record-high, jumping 34% to 427 in the last year, from 319 the previous year, says RPC, the City-headquartered law firm.

Of the 427 whistle-blower reports that were made in the last year, further action was taken with 68 of these reports, including 23 being taken into consideration for investigations. In the previous year, 55 whistle-blower reports were considered for investigation by the ICO.


Whistle-blower reports have increased substantially in the two years since GDPR was introduced. RPC says that greater awareness of online fraud and other forms of data theft has caused more people to report businesses for not taking proper precautions with the data they hold.


RPC says that the ICO has actively been encouraging people to come forward with information on suspected mishandling of data.


Last year, the ICO announced it intended to issue £282m of fines to a major airline and international hotel group, for having put millions of customers’ data at risk. This is a substantial step change in the scale of fines that the ICO has been imposing.


Richard Breavington, Partner at RPC, says: “Whistleblowing is now a major risk for businesses that fail to deal with a data breach properly, or who have failed to take reasonable steps to protect the data they hold on their customers.”


“This makes it more important than ever for businesses who do fall victim to a data breach to respond quickly and to inform the ICO of the data breach if necessary, within the right deadline and ensure customers are informed when they are exposed to a major risk.”


“Whilst the ICO has indicated that it is exercising forbearance during coronavirus, businesses would be wrong to think that is a free pass.”


“With millions of employees continuing to work from home, businesses need to have clear practices in place. For example, recommending multi-factor authentication if employees are using their own devices for work and advising employees to update software regularly so it’s at a lower risk of being hacked into.”


Whistle-blower reports on data breaches to the ICO jump 34% in the last year

Whistleblower report 2020

*Year-end March 31 2020, includes organisations

Stay connected and subscribe to our latest insights and views 

Subscribe Here