Over 200 NHS organisations have admitted to losing sensitive
personal information in the past two years, according to the
Information Commissioner's Office (ICO).
These data breaches account for nearly 30% of all data breaches
reported to the ICO since HMRC lost
25 million child benefit records in November 2007.
Nearly a third (32%) of all breaches reported involved
theft.
The ICO said it has investigated organisations, including
several NHS bodies, that have failed to secure their premises and
hardware adequately.
Mick Gorrill, assistant commissioner for investigations, said
organisations, especially NHS bodies, should ensure the level of
security is appropriate for the type of data they are holding.
The ICO has taken action against 54 organisations for the most
reckless breaches in that time, said David Smith, deputy
information commissioner.
"We expect the prospect of a significant fine [from 2010] for
reckless or deliberate data breaches will focus minds at board
level," he said.
UK organisations that break data protection rules could face
fines of up to £500,000 under new ICO powers scheduled to come
into force from next year.
The new powers will give the ICO formal inspection powers across
government.
The ICO will also increase its auditing role to ensure greater
compliance with the Data Protection Act.