176 government data breaches took place in the last year

29 Oct 2008, Rosalie Marshall, Computing

http://www.computing.co.uk/ctg/news/1835682/176-government-breaches

Thomas: The number of breaches notified is less than the total

There were 176 recorded data breaches in the public sector in the past year, according to figures released today by the Information Commissioner’s Office (ICO). The private sector, by comparison, reported 80 cases.

Of those reported by the public sector, 75 were in the health sector, 28 by central government, and 26 by local authorities.

“It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues,” said Information Commissioner Richard Thomas.

Thomas will use the figures to highlight the risks associated with large databases, to call for tougher sanctions, and to call on chief executives to take responsibility for all personal information an organisation holds.

Earlier this year, parliament decided the ICO should have the power to impose substantial penalties for reckless breaches and the commissioner is calling for this measure to be implemented as soon as possible so the threat of a fine can deter further losses.

The ICO has also requested an increase in the data protection notification fee for large organisations, which will increase its resources, and for more powers to undertake inspections and audits of data controllers.

“We have already seen examples where data loss or abuse had led to fake credit card transactions, witnesses at risk of physical harm or intimidation, offenders at risk from vigilantes, fake applications for tax credits, falsified Land Registry records and mortgage fraud,” said Thomas.

The number of breaches the ICO has been notified about will still fall short of the total, said Thomas.

He said that although storing personal information in databases can lead to benefits such as better customer service, improved efficiency, more effective law enforcement and protection of the vulnerable, it will always carry great risks.

“The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made,” he said.

Reader comments

Further breaches in 2009 would signal a dangerous complacency.

In light of the multiple high profile data breaches that have hit the headlines in recent months, and today's announcement by the ICO, it is striking to hear that almost a third of companies still do not feel that their information security policies are up to scratch.

After the spate of embarrassing data breaches that filled headlines in 2008, measures should have been taken to avoid similar data faux pas in 2009. A clear grip on procedures concerning the protection of valuable information is only the first step. The key is controlling information: companies must be able to track and eliminate data, even if the device storing it is lost or stolen.

The data losses of 2008 signalled a weakness in companies' security policies but further breaches in 2009 would signal a dangerous complacency and inability to learn from past mistakes.

Posted by: Nick Cater, head of Northern Europe, Iron Mountain Digital  29 Oct 2008

The gap is widening

For me there is no surprise in the public sector beating the private sector by two to one in reported security breaches. The key word here for me being 'reported'. In a way you can take some reassurance that such breaches are being recorded and reported, and therefore are on one level being taken seriously. I suspect that the actual numbers will be somewhat different, as in my experience, many private organisations (as well as public) continue to fail in providing adequate protection for any of their assets.

A gap has developed between the growth in the use of mobile media and in policies and processes aimed at protecting these assets. Technological measures alone will never provide adequate protection. The answer must lie in changing the behaviour of individuals at all levels within organisations, starting at the top and working down to the coal face. It is a well used phrase, but this must be seen as an investment rather than a cost.

I feel a Government big stick drive in the air, which may prove to be a lot more costly than the best practices that exist at the moment.

Big stick or not, I feel doing nothing is not an option for any organisation/business which seeks to minimise loss.

John Minary. Ass IISP

Posted by: John Minary  30 Oct 2008

DaaS is the solution

All these incompetent governmental bodies and QUANGOs would be letting someone who knows what they're doing look after their data for them. Data-as-a-service is the answer: outsource your data management to a specialist. This sort of thing is discussed on my blog: http://www.thewebserviceblog.co.uk/

Posted by: Mr Web Service  04 Nov 2008

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093