The number of
data breaches reported to the Information Commissioner's Office
(ICO) has soared to 277 since the HMRC data disk debacle, and
most of them have been in the public sector.
HMRC lost child benefit details affecting 25 million people
nearly a year ago. Since then, ICO has handled 80 reported breaches
in the private sector, 75 within the NHS and other health bodies,
28 reported by central government, 26 by local authorities, and 47
by the rest of the public sector.
The ICO is investigating 30 of the most serious cases. Richard
Thomas, the Information Commissioner, said, "It is alarming that
despite high-profile data losses, the threat of enforcement action,
a plethora of reports on data handling and clear ICO guidance, the
flow of data breaches and sloppy information handling
continues.
"We have already seen examples where data loss or abuse has led
to fake credit card transactions, witnesses at risk of physical
harm or intimidation, offenders at risk from vigilantes, fake
applications for tax credits, falsified Land Registry records and
mortgage fraud.
"Addresses of service personnel, police and prison officers and
battered women have also been exposed. Sometimes lives may be at
risk."
Thomas said, "The number of breaches brought to our attention is
serious and worrying. I recognise that some breaches are being
discovered because of improved checks and audits as a welcome
result of taking data security more seriously. More laptops have
now been encrypted and thousands of staff have been trained.
"But the number of breaches notified to us must still be well
short of the total. How many PCs and laptops are junked with live
data? How many staff do not tell their managers when they have lost
a memory stick, laptop or disc? Many losses are probably simply
undetected."
As government, public, private and third sectors harness new
technology to collect vast amounts of personal information, he
said, the risks of information being abused increases. "It is time
for the penny to drop", said Thomas.
The more databases that are set up and the more information
exchanged from one place to another, the greater the risk of things
going wrong, he said.
"The more you centralise data collection, the greater the risk
of multiple records going missing or wrong decisions about real
people being made."
Thomas' stance will be a headache for the government, as it
starts to roll out the much maligned national ID card scheme and
its accompanying massive database.
The government has already
kicked a much criticised national database on everyone's
communications into the long grass, announcing a "consultation"
on the plan some time next year.
Early reports had suggested that the comms database would be in
the Queen's speech next month. It is speculated that its deferral
may have something to do with a possible general election next
year.