Print
Discuss
Send to friend
RSS feeds
Daily news podcast
Information Commissioner Richard Thomas has said that the “alarming” number of security breaches reported to his Office in the past six months is “inexcusable.”
Since the security breach at HM Revenue and Customs in November last year, the Information Commissioner’s Office (ICO) has been notified of almost 100 data breaches by public, private and third-sector organisations.
Of the security breaches that the ICO has been made aware of by private sector organisations, half were reported by financial institutions. Of those reported by public bodies, almost a third occurred in central Government and associated agencies and a fifth in NHS organisations.
He reiterated a warning to chief executives about the vital importance of protecting staff and customers’ personal information.
Information Commissioner Richard Thomas said: “It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring. The Government, banks and other organisations need to regain the public’s trust by being far more careful with people’s personal information.
“Once again I urge business and public sector leaders to make data protection a priority in their organisations. The level of understanding about data protection and the need to safeguard people’s personal information have no doubt increased and I am encouraged that more chief executives and permanent secretaries appear to be taking data protection more seriously. But the evidence shows that more must be done to eradicate inexcusable security breaches.”
Information that has gone missing includes unencrypted laptops and computer discs, memory keys and paper records. Information has been stolen and gone missing in the post and while in transit with a courier. The material includes a wide range of personal details, including financial and health records.
The ICO is investigating the circumstances of the breaches. In 16 cases the ICO has required the organisation to make procedural changes to improve data security, such as encryption. In three instances the lost information has been recovered.
The ICO encourages organisations to report data breaches and can advise on dealing with breaches and notifying affected customers. The ICO has recently published new guidance for organisations on how to deal with security breaches. A copy of the ICO’s Guidance on data security breach management can be downloaded.
See also:
Public should be protected from cyber-criminals and 'idiots' who break the data protection laws 05 Dec 2007
Lib Dem steps in as Government admits security error could happen again 28 Nov 2007
Details of 26,000 M & S employees could be at risk 11 May 2007
European Commission to make retailers declare theft of customer data under proposed directive 16 Apr 2007
All Internet Privacy & Data Protection
del.icio.us
Digg this
reddit!
