ICO data breaches count soars to 277 with most in public sector, despite HMRC debacle

The number of data breaches reported to the Information Commissioner's Office (ICO) has soared to 277 since the HMRC data disk debacle, and most of them have been in the public sector.

HMRC lost child benefit details affecting 25 million people nearly a year ago. Since then, the ICO has handled 80 reported breaches in the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities, and 47 by the rest of the public sector.

The ICO is investigating 30 of the most serious cases. Richard Thomas, the Information Commissioner, said, "It is alarming that despite high-profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues.

"We have already seen examples where data loss or abuse has led to fake credit card transactions, witnesses at risk of physical harm or intimidation, offenders at risk from vigilantes, fake applications for tax credits, falsified Land Registry records and mortgage fraud.

"Addresses of service personnel, police and prison officers and battered women have also been exposed. Sometimes lives may be at risk."

Thomas said, "The number of breaches brought to our attention is serious and worrying. I recognise that some breaches are being discovered because of improved checks and audits as a welcome result of taking data security more seriously. More laptops have now been encrypted and thousands of staff have been trained.

"But the number of breaches notified to us must still be well short of the total. How many PCs and laptops are junked with live data? How many staff do not tell their managers when they have lost a memory stick, laptop or disc? Many losses are probably simply undetected."

As government, public, private and third sectors harness new technology to collect vast amounts of personal information, he said, the risk of information being abused increases. "It is time for the penny to drop", said Thomas.

The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong, he said.

"The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made."

Thomas' stance will be a headache for the government, as it starts to roll out the much-maligned national ID card scheme and its accompanying massive database.

The government has already kicked a much-criticised national database on everyone's communications into the long grass, announcing a "consultation" on the plan some time next year.

Early reports had suggested that the comms database would be in the Queen's speech next month. It is speculated that its deferral may have something to do with a possible general election next year.


