176 government data breaches took place in the last year
Public sector beats private sector by more than two to one in reported security incidents
Thomas: The number of breaches notified is less than the total
There were 176 recorded data breaches in the public sector in the past year, according to figures released today by the Information Commissioner’s Office (ICO). The private sector, by comparison, reported 80 cases.
Of those reported by the public sector, 75 were in the health sector, 28 by central government, and 26 by local authorities.
“It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues,” said Information Commissioner Richard Thomas.
Thomas will use the figures to highlight the risks associated with large databases, to call for tougher sanctions, and to call on chief executives to take responsibility for all personal information an organisation holds.
Earlier this year, parliament decided the ICO should have the power to impose substantial penalties for reckless breaches and the commissioner is calling for this measure to be implemented as soon as possible so the threat of a fine can deter further losses.
The ICO has also requested an increase in the data protection notification fee for large organisations, which will increase its resources, and for more powers to undertake inspections and audits of data controllers.
“We have already seen examples where data loss or abuse had led to fake credit card transactions, witnesses at risk of physical harm or intimidation, offenders at risk from vigilantes, fake applications for tax credits, falsified Land Registry records and mortgage fraud,” said Thomas.
The number of breaches the ICO has been notified about will still fall short of the total, said Thomas.
He said that although storing personal information in databases can lead to benefits such as better customer service, improved efficiency, more effective law enforcement and protection of the vulnerable, it will always carry great risks.
“The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made,” he said.