ICO calls for responsibility to be taken on data protection
The privacy watchdog is to call on CEOs to take responsibility for data protection safeguards.
A report published today stated that the number of data breaches reported to the Information Commissioner's Office (ICO) has risen to 277 since HMRC lost 25 million child benefit records nearly a year ago.
Figures released today by the ICO include 80 reported breaches by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector. The ICO is investigating 30 of the most serious cases.
Information Commissioner Richard Thomas will highlight the risks associated with large databases, the need for tougher sanctions to deter data breaches and he will call on chief executives to take responsibility for the personal information their organisations hold in a speech today.
He will challenge CEOs to ensure that the amount of data held is minimised and that robust governance arrangements are in place, and claim that accountability rests at the top.
Thomas said in a statement: “It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues.
“We have already seen examples where data loss or abuse has led to fake credit card transactions, witnesses at risk of physical harm or intimidation, offenders at risk from vigilantes, fake applications for tax credits, falsified Land Registry records and mortgage fraud. Addresses of service personnel, police and prison officers and battered women have also been exposed. Sometimes lives may be at risk.
“The number of breaches brought to our attention is serious and worrying. I recognise that some breaches are being discovered because of improved checks and audits as a welcome result of taking data security more seriously. More laptops have now been encrypted and thousands of staff have been trained.
“But the number of breaches notified to us must still be well short of the total. How many PCs and laptops are junked with live data? How many staff do not tell their managers when they have lost a memory stick, laptop or disc? Many losses are probably simply undetected.
“Personal information is now the lifeblood of government and business. Used properly and intelligently, personal information can lead to better customer service, improved efficiency, more effective law enforcement and protection of the vulnerable and a better quality of life for everyone. But this means respecting and protecting people's privacy and personal information - data protection - has never been more important.
“As government, public, private and third sectors harness new technology to collect vast amounts of personal information, the risks of information being abused increases. It is time for the penny to drop. The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong.
“The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made. The more you lose the trust and confidence of customers and the public, the more your prosperity and standing will suffer. Put simply, holding huge collections of personal data brings significant risks.”