Christopher Graham Ico Data Protection

ICO to advertisers: we’re friend not foe when it comes to governing data marketing effectively


By Jessica Goodfellow, Media Reporter

January 28, 2016 | 3 min read

The Information Commissioners Office (ICO) may now have the power to fine brands up to £500,000 if they play fast and loose with peoples’ data but it would rather act as a partner to combat the reputational risk of security breaches.

Christopher Graham, information commissioner at the ICO, warned attendees at the Advertising Association’s Lead event earlier today (28 January) that the time, money and resource it takes to rebuild customer trust can be costlier in the long-term than any fine could be. Rather than view the ICO as a "regulator waving a big stick" that is part of the costs, he championed its willingness to "partner with data controllers provided you’re seriously thinking about balancing the opportunities and risks".

"The ICO can be a partner because we want to be an enabler of good things," he added. "If you want all the benefits of digital you have to manage the risk."

Fundamentally, this change in tact from the ICO stems from how people care about their data. As much as 8 out of 10 people would think twice about giving their data to a company that has failed to stop its data security breach, according to a YouGov study it commissioned.

One in five (20 per cent) people would definitely stop using a company after hearing news of a data breach, while more than half (57 per cent) would consider stopping, with only 8 per cent claiming it wouldn't make a difference to their perception and engagement with the company.

Graham went on to explain that the lack of data protection within companies is an issue that requires leadership to enable better reputation management. Data protection is something industry leaders need to take responsibility for, he advised, instead of being left to "IT down the corridor". The ICO’s stance mirrors the wider desire within the public for chief executives to engage their customers, with many observers claiming the age of the 'shadow CEO' over - they must lead from the front now.

Blame placing and pointing the finger is a trend that re-occurs often in issues of data protection, but could be avoided altogether if companies "thought about the consequences of people walking away", added Graham.

With great data comes great responsibilities, since it is fast becoming central to profitability for many businesses. Graham reiterates: "data is the new oil but it’s also the new asbestos….It's not about what you do with all the data, it's about what you should do. It's about making sure yours are the responsible brands."

The confusion around data protection was epitomised perfectly in a live poll carried out in the room at the Advertisers Association event this morning (28 January), in which a majority agreed that their personal companies were handling data correctly, yet nearly 80 per cent agreed advertising as a whole was not.

Christopher Graham Ico Data Protection

More from Christopher Graham

View all


Industry insights

View all
Add your own content +