NEWS
The Information Commissioner's Office has said that the rash of data-breach reports in the past five months is due not to more data breaches - but to more people admitting to them.
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
HM Revenue & Customs' loss of 25 million details of people claiming and receiving child benefit was the catalyst for a surge of data-loss reports, an ICO spokesperson told silicon.com sister site ZDNet.co.uk.
The spokesperson said: "More people are stepping forward as they realise the importance of data breaches. We don't think the situation is any worse. Back in July last year we highlighted the need for more data protection."
The ICO released its annual report in July 2007, which criticised "horrifying" security lapses at some of the UK's largest companies.
Increasing scrutiny from regulators, including the ICO, is encouraging more disclosure, said the ICO spokesperson. There is also an ongoing review of data-handling procedures in Whitehall, which the spokesperson said is exposing more data-loss incidents.
The spokesperson added: "People are stepping forward because they want to get it right."
Recent reports of data losses include the loss of a laptop by the Ministry of Defence, disclosed in January, which contained personal details of 600,000 prospective or actual recruits for the armed forces. The MoD also lost the bank details of approximately 3,500 of those people. The DVA admitted to losing thousands of learner-driver details in December, while the NHS said in January it had lost thousands of patient records on a USB drive.
The ICO said that a common thread in these incidents is the devices lost had no encryption. "If people used more encryption, they would have fewer problems," said the spokesperson.
Private companies can also suffer from regulatory scrutiny due to data loss. The Financial Services Authority fined Norwich Union £1.26m in December for failing to manage customer-data adequately.
Financial advisory firm Deloitte said there was increased scrutiny of organisations by regulators. Mike Maddison, head of security and privacy services at Deloitte, said: "The issue of protecting the privacy of sensitive data has never been under such intense scrutiny. Increasingly regulators and watchdogs are examining the approaches organisations are taking to protect this vital private information."
Comments
There are 4 comments. Join the discussion
1. Haydn Rees
From the tenor of this article, it seems that data security breaches are such common practice, that we should not be overly concerned.
Run that by me again?
Call me a stickler for sylogism, but the credibility of your conclusion is somewhat undermined by it not following from your premise.
2. Karen Challinor
ah ok
so this is the normal situation then
so we shouldn't worry about our records entering the public domain
because it's not incompetence, it's just normal and no one needs to be fired
certainly no one in a senior position
so the spin machine finally cranks into gear and in four or five months time these lapses of security will become a good thing and justify the governments stance on the NIR & ID card scheme, unlimited detention for terrorist suspects and a whole host of other liberty removing legislation
3. Roger Huffadine
Toothless ICO - otherwise people would be ensuring that our data is really safe. Yawn - just another useless quango then - situation normal - government front bench full of useless losers - back benches full of expensed dorks and everyone's friend in a quango doing nothing - Hooray
4. Karen Challinor
this will be the government response to the ICO's request for more power and Gordon's inadvertent, heat of the moment, slip of the tongue where the ICO was going to be granted the ability to inspect government departments at will
in short the statement from the government to the ICO was "this is what normally happens so you don't need these powers"