High-profile data losses are "an accident waiting to happen"
because security measures are added as an afterthought, according
to the assistant
information commissioner.
Jonathan Bamford warned yesterday that too many companies are
not ensuring they have the right technology in place to limit the
data they hold and prevent it being leaked.
Bamford told the Financial Times that too many companies are
bolting data security safeguards on as an afterthought instead of
designing systems with them in mind.
Embarrassing data losses, such as HMRC's loss of 25 million
personal records on two discs sent through the post, are part of
the price paid for this approach to security.
"It was obviously a bit of an accident waiting to happen," he
said. "They are all things where people have messed up rather than
acted in a malevolent way, which says a lot about what the
safeguards were in the technology itself."
His comments came before the publication of a report by the
Information Commissioner aimed at helping organisations improve
public confidence in the ability of both the private and public
sector to keep data safe.
Bamford said companies should be investing more in
"privacy-enhancing technologies" which aim to minimise the risk of
losing sensitive data.
Measures include stopping data being downloaded onto memory
sticks, preventing the collection of unnecessary details and giving
staff access to data on a need-to-know basis only.
The assistant commissioner said companies should have done
better than they have, as data protection is not "some new fangled
thing" but almost a quarter of a century old.