• silicon.com
• Technology
• Security

By Tom Espiner, 14 December 2007 08:31

NEWS

The majority of UK citizens do not trust the government with their data following the HM Revenue & Customs data breach, according to security vendor Symantec.

The personal details of 25 million people claiming or receiving child benefit were lost on two unencrypted CDs in November.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

A survey of 1,000 members of the public, which was sponsored by Symantec and conducted by IPSOS Mori, found 62 per cent of respondents felt their personal data being held by government departments was at risk. The survey was conducted in the aftermath of the data breach.

William Beer, Symantec's European security practice director, said: "Public confidence has been shaken. Six out of 10 people is a sizeable majority but I won't say the results surprised us. This is impacting people and it's not to do with their behaviour online. With this breach, it wasn't possible to change their behaviour to improve security. If this had been a merchant or online store, people could consider not doing a transaction."

Public confidence in the government's ability to safeguard data would have been shaken further by other recent government data breaches, said Beer.

In the past week, UK government departments have admitted losing the names and addresses of thousands of citizens. The Driver and Vehicle Agency in Northern Ireland admitted to losing more than 6,000 motorists' details in the post, Norfolk police admitted losing the details of dozens of prisoners and Sefton Primary Care Trust sent the salary and pension details of thousands of its employees to four unnamed companies.

Beer said: "There will be serious repercussions considering what has happened this week. There seems to be a continuous leakage of data."

The latest security concerns follow worries over the security of public database schemes such as the National Identity Register for the ID cards scheme and ConnectPoint, a database that will contain details of every child in the country.

Beer said: "The new databases are causing a fair amount of legitimate concern in the public's eyes. If the government can't manage the current data set, how will it manage more sensitive data like biometrics?"

The public does not have much confidence in corporations to guard data either, the survey found, with 61 per cent of respondents saying they did not trust businesses to safeguard personal details.

Beer called for a UK data-breach notification law, which would require organisations that suffer a data breach to notify affected parties. He said the law would incentivise companies to better look after their data and that technical means were not enough to secure data.

He said: "It's a myth that technology is a silver bullet. Encryption will definitely help but there are times when you can't use it - there may be issues with keys, or passing the data set. There is a lot of focus needed on awareness [among end users of potential security problems, which is] often a challenging part of a security project. Companies have policies in place and technology in place but the weak link is the individual."

Tom Espiner writes for ZDNet.co.uk