Press releases

Companies under the spotlight as reporting of data breaches increases sharply

12 November 2014

  • 24,105 news stories concerning data breaches between January and October 2014;
  • 63% of consumers lack faith in companies’ ability to keep their personal data safe;
  • 44 hours needed every year to understand privacy policies of top 100 websites visited by the British public.

There were 24,105 news stories referencing personal data breaches in the first nine months of this year*, finds Deloitte, the business advisory firm. The figure dwarfs the previous two years’ figures of 5,474 and 4,023, respectively.

The number of very high profile breaches could be contributing to record-low levels of confidence amongst the public about data security. Data Nation 2014 found that 63% of people do not have much or any confidence that companies will keep their personal information and data secure from losses or theft. The lack of confidence may also be explained by increasing levels of consumer awareness that organisations collect and hold large amounts of data about individuals’ everyday lives, from where they bank and who they call to what they post on social media sites. Ignorance may have been bliss for many people, but now that is less and less the case.

Harvey Lewis, Deloitte Analytics director, said: “Consumers buy from companies they trust.  Break that bond and you run the risk of losing your customer. At the absolute minimum, companies should make sure they keep data safe and secure, but they must also explain what data they collect and what they do with it. If companies are open and transparent about this, people may be more willing to share their personal information, particularly if there are benefits they can receive in return. Two-thirds of consumers either don’t mind or are happy to share their personal information if it leads to financial savings, product or service improvement, guidance on meeting personal goals or receiving a personalised product or service.”

Deloitte’s research points to a potential gain to be had if companies improve how they engage with their customers. Almost half (47%) of adults internet users don’t read privacy policies or terms and conditions, meaning people often aren’t aware of how their data is used. Deloitte analysed the privacy policies of the top 100 websites visited by British internet users and found an average of 26 minutes is required to read and understand the content. Unsurprisingly, only 34% of adult internet users agree websites’ privacy policies are clear about how a company intends to use the data it collects.

Peter Gooch, privacy leader at Deloitte, said: “If someone were to read the privacy policies of the top 100 websites, they’re set to lose 44 hours out of their year. Companies should make the privacy policies easier to understand by using every day, clear language. People do care about what’s being collected about them, so organisations need to look at how this information is provided and go beyond simple legal compliance. This could be through using abridged notices to highlight the most salient points, while linking to full policies, or developing microsites that clearly explain how and why information is collected and who it is shared with.  Being clear can increase customer confidence, so it’s companies’ turn to step up to the plate.


*Source: based on a Factiva online news search, correct as at 16 October 2014.

Notes to editors

About the survey
The Data Nation 2014 survey was carried out in England, Wales and Scotland by Ipsos MORI to understand the public’s opinions on the collection and use of personal information by private and public sector organisations. The survey was carried out by face-to-face interviews between 11 April and 21 April 2014 with a national representative sample size of 2,025 people aged 15 and above.  Statistics mentioned throughout the report are based on the above sample size, unless otherwise stated.

The Data Nation research also included a study of data breaches reported to the Information Commissioner’s Office and in the media, and analysis of the privacy policies of the 100 most popular websites visited by UK Internet users.

About Deloitte
In this press release references to Deloitte are references to Deloitte LLP, which is among the country's leading professional services firms.

Deloitte LLP is the United Kingdom member firm of Deloitte Touche Tohmatsu Limited (“DTTL”), a UK private company limited by guarantee, whose member firms are legally separate and independent entities. Please see for a detailed description of the legal structure of DTTL and its member firms.

The information contained in this press release is correct at the time of going to press.

Member of Deloitte Touche Tohmatsu Limited.

Gillian Bishop
Deloitte LLP
+44 (0) 20 7303 0776
+44 (0) 75 4124 3999

Stephanie Dobbs
Deloitte LLP
+44 (0) 20 7303 2636


Did you find this useful?