By Steve Ranger, 22 April 2008 10:55
NEWS
Nearly 100 leaks of sensitive personal information have been reported to the data protection watchdog in the last six months.
Organisations continue to lose sensitive personal data - despite high profile cases such as the HM Revenue & Customs (HMRC) data breach, and the Information Commissioner Office (ICO) has warned chief executives to protect staff and customers' personal information following an "alarming number" of security breaches reported to his office in the past six months.
Since the security breach at HMRC in November last year, the ICO said it has been notified of almost 100 data breaches by public, private and third sector organisations. The public sector accounted for 62 breaches and the private sector for 28.
silicon.com's Full Disclosure campaign - what we are asking for...
silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.
We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.
The ICO said half of the private sector breaches were reported by financial institutions. Of the public sector lapses, almost a third occurred in central government and a fifth in the NHS.
The breaches include unencrypted laptops going missing as well as computer discs, memory sticks and paper records. Information has been stolen, gone missing in the post and while in transit with a courier, and the ICO said the material includes a wide range of personal details, including financial and health records.
Richard Thomas, the Information Commissioner, said it was "particularly disappointing" the HMRC breaches have not prevented other security breaches from occurring, and said the government, banks and other organisations need to regain the public's trust by being far more careful with personal information.
"Once again I urge business and public sector leaders to make data protection a priority in their organisation," he said in a statement.
He said that while more CEOs appear to be taking data protection more seriously, more must be done to eradicate "inexcusable security breaches".
The ICO said in 16 of the cases it has required the organisation to make changes to procedure to improve data security, such as encryption. In three instances the lost information has been recovered.
Comments
There is 1 comment. Join the discussion
1. Karen Challinor
but of course the NIR/ID card scheme won't have any of these problems, it will be perfect, it will be run by superpeople who never make mistakes and can't be corrupted on hardware that never breaks down and doesn't wear out, with oooodles of spare capacity to handle the peak usage times, everyone will work in the best interests of the public and absolutely no one but criminals will be arrested for any crime ever again
and if we swallow that then Mr Brown was right to regard us as too thick to understand the complex issues of government
and still no sign of the extra powers to do spot inspections of government departments that the ICO was promised nearly six months ago in that "heat of the moment", "off the cuff and not to be taken seriously" remark by Mr Brown