Information Commissioner Richard Thomas is to take action
against HMRC and MOD over data breaches highlighted by independent
investigations published today.
The enquiries into
HMRC's loss of discs containing the
personal details of 25 million people and the MOD's loss of
laptops containing the details of 600,000 potential recruits,
exposed serious failures in both organisations.
Thomas said in statement that the reports show deplorable
failures at both HMRC and MOD.
He said he would serve enforcement notices to require HMRC and
the MOD to implement the recommendations in the reports.
Thomas said the breaches highlighted in the reports were not
isolated and it was deeply worrying that many other incidents have
been reported.
"Information security and other aspects of data protection must
be taken a great deal more seriously by those in charge of
organisations. No chief executive can now say that data protection
does not matter," he said.
The departments will have to give feedback on their progress
every 12 months for the next three years.
Failure to comply with the enforcement notices is a criminal
offence. The
Information Commissioner's Office (ICO) will be able to impose
fines when recent changes to the
Criminal Justice and Immigration Act come into force.