CEOs told - take responsibility for 'toxic' data
Information Commissioner: "it's time for the penny to drop"
Published: 29 October 2008 13:37 GMT by Tim Ferguson
CEOs must take more responsibility for safeguarding confidential information, according to the Information Commissioner, Richard Thomas.
Speaking at the RSA security conference in London today, Thomas will say chief executives need to ensure the right policies, procedures and training are in place around data and the use of technology.
Reflecting growing concern around the security of information, Richard Thomas was recently voted number three on silicon.com's Agenda Setters 2008 list.
Thomas warns that personal information, when lost, can be a "toxic liability" and that accountability rests at "the top" of organisations.
In the speech Thomas warns the flow of data breaches and sloppy information handling continues - despite high-profile data losses being widely reported and the threat of enforcement action.
The Information Commissioner's Office (ICO) also revealed it is currently investigating 30 serious cases of data breaches and has received 277 reported breaches since HMRC's loss of the personal details of around 25 million people just under a year ago.
The majority of these reported breaches were in the public sector, with 75 from the NHS and other health bodies, 28 in central government, 26 by local authorities and 47 from other parts of the public sector.
He adds it's "time for the penny to drop" that as new technology is employed to collect more and more personal information, the risk of abuse increases.
He will go on to say: "The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made."
He will also suggest the number of data breaches is significantly greater than those reported.
The ICO has been arguing for some time that its powers and resources are no longer adequate, and parliament responded by deciding the ICO should have the power to impose penalties for deliberate or reckless breaches of data.
silicon.com's Full Disclosure campaign has been asking the government to consider legislation that would require organisations to alert customers when their data may have been put at risk.
But not everyone agrees with calls for greater honesty about security breaches. Research by security software company Clearswift found 85 per cent of UK IT decision makers it questioned said they don't believe the general public should be informed when a data breach occurs.
The research also found that 62 per cent of the 398 UK public sector decision makers questioned are unaware of the possible introduction of data breach notification legislation. But more than half (53 per cent) of 121 public sector employees questioned said they feel their organisation doesn't spend enough time on information assurance issues.











