Data watchdog admits to deluge of Central Government breach info

The UK's data protection watchdog has now received 150 notifications of security breaches, with over a quarter of those coming from Central Government.

Many of those breaches reported to the Information Commissioner's Office (ICO) involved serious losses, including the loss of information on criminal proceedings.

Those worrying facts were outlined by David Smith, deputy information commissioner, at a Westminster eForum event on data leakage this morning.

The ICO runs a voluntary scheme, where it encourages businesses and public sector organisations to report significant information breaches. A law which could make the reporting of such breaches mandatory is currently being developed at a European level.

Referring to the loss of 25 million records from Her Majesty's Revenue & Customs last year, and the loss of the details of 600,000 people on an MoD laptop in January, Smith said: "These are not the only cases. They are part of a pattern. We have a voluntary system for data breaches. We've had 150 notifications, with some potentially very serious losses there."

Smith cautiously welcomed efforts in Brussels to develop a law to make the reporting of information breaches mandatory. "There are some benefits," he told SC Magazine. "But it has to be sensible and proportionate, so we're only told about things that matter. It has to be risk-based."

Many information professionals have been calling for the reporting of breaches to be made mandatory because of the growing number of reported cases of information leakage. As well as the infamous HMRC and MoD losses, civil servants have left secret documents on public train services twice in the last month. In the private sector, Norwich Union and Nationwide have been heavily fined by the Financial Services Authority for large losses of information.

The Information Commissioner Richard Thomas is keen that these high profile breaches remain in the public limelight to help to prevent further occurrences.

Thomas is also working on the introduction of new powers which will give his office the authority to levy fines on companies who display poor standards of information security.

Though the powers have in theory already been granted, David Smith estimated today that the ICO would have to wait about six months to levy its first fines. First, a code of practice would need to be drawn up, and the maximum penalty decided.

"We have limited powers of prosecution," said Smith. "We haven't had sanctions that we can impose on organisations that get things recklessly wrong. Now we have been given the power to impose fines. It will take six months or so to come into effect."