CEOs blamed for "horrifying" data blunders

The UK's information commissioner is calling on CEOs to take the security of customer and staff information more seriously.

Richard Thomas wrote in a report: "The roll-call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying."

Thomas added: "How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store card transactions fall into the wrong hands?"

The Information Commissioner's Office (ICO) received almost 24,000 enquiries and complaints concerning personal information and prosecuted 16 individuals and organisations in the past 12 months, according to its annual report for 2006/07.

silicon.com Public Sector

Get the latest public sector news straight to your inbox. Sign up for the PS newsletter today!

Thomas said: "My message to those at the top of organisations is to respect the privacy of individuals and the integrity of the information held about them, to embrace data protection positively and to be sure you are not the business or political leader who failed to take information rights seriously."

The ICO received complaints under both the Data Protection Act (DPA) and Freedom of Information Act.

More than half of DPA cases required the ICO to simply provide advice and guidance, while a breach was likely to have happened in more than one-third of cases, of which a further 77 per cent resulted in remedial actions such as correcting an individual's record or training staff.

The ICO received almost 6,000 complaints under the Freedom of Information Act and has closed more than three-quarters of those.

Public awareness of data protection rights has increased to 82 per cent with more people understanding personal information must be handled appropriately, according to the report.

The information commissioner's plea follows a number of security breaches over the last year, including 12 UK banks which were found to be in breach of the DPA following complaints about the disposal of customer information.

Barclays is facing an ICO investigation over allegations of customer privacy breaches and Orange and Littlewoods were also found to be in breach of the DPA by the ICO this year.