
Data watchdog admits to deluge of Central Government breach info

The UK's data protection watchdog has now received 150 notifications of security breaches, with over a quarter of those coming from Central Government.

Many of those breaches reported to the Information Commissioner's Office (ICO) involved serious losses, including the loss of information on criminal proceedings.

Those worrying facts were outlined by David Smith, deputy information commissioner, at a Westminster eForum event on data leakage this morning.

The ICO runs a voluntary scheme, where it encourages businesses and public sector organisations to report significant information breaches. A law which could make the reporting of such breaches mandatory is currently being developed at a European level.

Referring to the loss of 25 million records from Her Majesty's Revenue & Customs last year, and the loss of the details of 600,000 people on an MoD laptop in January, Smith said: "These are not the only cases. They are part of a pattern. We have a voluntary system for data breaches. We've had 150 notifications, with some potentially very serious losses there."

Smith cautiously welcomed efforts in Brussels to develop a law to make the reporting of information breaches mandatory. "There are some benefits," he told SC Magazine. "But it has to be sensible and proportionate, so we're only told about things that matter. It has to be risk-based."

Many information professionals have been calling for the reporting of breaches to be made mandatory because of the growing number of reported cases of information leakage. As well as the infamous HMRC and MoD losses, civil servants have left secret documents on public train services twice in the last month. In the private sector, Norwich Union and Nationwide have been heavily fined by the Financial Services Authority for large losses of information.

The Information Commissioner Richard Thomas is keen that these high profile breaches remain in the public limelight to help to prevent further occurrences.

Thomas is also working on the introduction of new powers which will give his office the authority to levy fines on companies that display poor standards of information security.

Though the powers have in theory already been granted, David Smith estimated today that the ICO would have to wait about six months to levy its first fines. First, a code of practice would need to be drawn up, and the maximum penalty decided.

"We have limited powers of prosecution," said Smith. "We haven't had sanctions that we can impose on organisations that get things recklessly wrong. Now we have been given the power to impose fines. It will take six months or so to come into effect."