Reported cyber security incidents involving UK organisations increased by more than 1,000 per cent over the past five years, according to official figures obtained in August by storage company Imation. In 2011 alone, there were 207 serious security breaches in the NHS, 44 in central government, and 277 across the private sector.
So is the UK in the middle of a data security crisis? Deputy Information Commissioner David Smith thinks not. “I don’t think you can necessarily say that more reports mean more breaches. It’s just that awareness of the need to report [has increased],” he said.
This awareness was given a major boost in 2010 after the Information Commissioner’s Office (ICO) was given the power to impose fines of up to £500,000 on organisations that contravene the Data Protection Act. The biggest fine to date – £375,000 – was issued to Brighton and Sussex General Hospital, which allowed hard drives containing highly confidential sexual health data to end up on eBay.
But while fines may have succeeded in bringing the issue of information security higher up the boardroom agenda, the ICO appears to be hungry for more powers, particularly in light of moves in Europe to introduce tough new data protection regulations as early as 2014.
“We’ve been pushing for custodial sentences for a long time,” Smith said. “The government has resisted for a number of reasons. Partly, as a general policy they don’t believe in creating more and more crimes that could carry prison sentences, particularly under the previous justice secretary [Kenneth Clarke]. And then Leveson is looking at this as part of his inquiry [into press practices and ethics], so let’s see how that goes. We do have a new secretary of state for justice [Chris Grayling] who may have a slightly different take on this.”
Smith also revealed that the ICO is “making the case to extend” its powers in other areas, to enable it to “come and check up on local government and health bodies”. In general, the ICO must get permission from an organisation before it can audit it. “We don’t usually have the power to say ‘Let us in, we’ve come to check on you’,” said Smith.