UK data privacy complaints rise in finance & health

Data privacy complaints to the Information Commissioner's Office rose across several major UK industries, according to Bridewell. The finance sector recorded the highest number in both reporting years.

Bridewell compared ICO complaint data from October 2023 to September 2024 with the following 12 months to September 2025. Finance, health, and online technology and telecoms had the highest complaint totals in both periods.

Finance, insurance and credit remained the most complained-about sector, with complaints rising 5% from 4,422 to 4,630. Health ranked second, with complaints increasing from 3,903 to 4,082, a rise of 179 cases.

Retail and manufacturing saw the sharpest annual increase despite lower overall totals than finance and health. Complaints in those sectors rose 12%, from 2,421 to 2,714.

The figures suggest sustained pressure on organisations that handle large volumes of personal and sensitive data. They also point to broader public scrutiny of how businesses and institutions process information, extending beyond the most heavily regulated sectors.

Regulatory Pattern

The analysis also found a shift in how complaints were resolved. Cases resulting in informal action responses fell 22% between the two reporting periods.

At the same time, cases ending with no further action rose 14%. In such cases, the ICO often cites insufficient information.

That pattern suggests a change in the mix of complaints reaching the regulator, with more failing to meet the threshold for further action. It also highlights the importance of clear record-keeping when concerns about data handling arise.

The backdrop is broader regulatory scrutiny of data protection failings, particularly in areas involving vulnerable users and sensitive personal information. Recent UK enforcement has included action against companies over gaps in risk assessment and age-checking processes.

Bridewell said the latest figures reflect operational pressure in sectors where data governance is already a major concern. In financial services, privacy and data protection issues sit alongside cyber security risk and compliance demands.

Its Cyber Security in Financial Services report found that 39% of organisations view data privacy and protection as one of their biggest cyber security challenges. That puts privacy controls alongside incident management and governance as a board-level issue for regulated businesses.

Sector Pressure

For banks, insurers, lenders and healthcare providers, complaint volumes remain high because of the sensitivity and scale of the information they hold. A breach, misuse claim or process failure can quickly lead to public complaints, even when no formal enforcement follows.

Retailers and manufacturers, by contrast, have historically attracted fewer privacy complaints than finance or health. Their sharper increase may reflect broader consumer awareness, larger digital customer databases, and greater reliance on connected systems across sales, logistics and support operations.

The data does not show that every rise in complaints leads to sanctions. It does show where public concern is most often expressed and where organisations may face growing expectations around transparency, record-keeping and response times.

Chris Linnell, Associate Director of Data Privacy at Bridewell, said: "Rising complaint volumes in sectors like financial services and healthcare show that public expectations around data protection continue to grow. Organisations can't treat privacy as a compliance box-ticking exercise; it must be central to business operations."

Linnell also pointed to the financial and reputational consequences of weak controls. He said: "Cases like this highlight the escalating reputational, financial, and operational costs of inadequate privacy controls."