Home : Public Sector : News

Burglaries and theft account for third of data breaches

It’s not just misplaced USB sticks – other devices are getting stolen too, meaning the criminal underworld can access confidential business data.

By Asavin Wattanajantra, 11 Nov 2009 at 14:35

gallery

Burglaries and theft are the the biggest risks when it comes to businesses losing information, accounting for a third of data breaches, according to the Information Commissioner’s Office (ICO).

The ICO said that theft accounted for 231 of the 711 security breaches that have occurred since the infamous loss of 24 million child benefit records two years ago.

More than 200 private sector firms and 209 NHS bodies have reported breaches to the ICO. This is worrying, as the ICO said that the NHS usually held the most sensitive personal data, such as health records.

In a statement, deputy information commissioner David Smith said that while the majority of organisations got data protection right, a significant minority failed to take security seriously enough.

“Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff," he said. "Far too much personal data is being unnecessarily downloaded from secure servers onto unencrypted laptops, USB sticks, and other portable media.”

Currently the ICO can serve organisations with enforcement notices, and force chief executives to sign ‘formal undertakings’ to improve security.

However, in 2010 new powers are scheduled to come into force that will allow the ICO to fine organisations, where there is evidence of a ‘reckless or deliberate’ data breach.

The Ministry of Justice is currently deciding on how much these fines will be, while the ICO is working towards better compliance with the Data Protection Act.

The upcoming Coroners and Justice Bill should also give the ICO formal inspection powers across government.

“People’s data has a value. If you had £10,000 you are unlikely to leave it in the boot of your car; you would put in a safe or deposit it in a bank," said Mick Gorrill, ICO assistant commissioner, in a statement.

“In the same way, people’s national insurance numbers, health records and bank details are valuable assets and organisations must take adequate steps to protect personal data."

Email to a friend

Print this page

< Previous Public Sector : News Next >

1 comments

You need to Login or Register to comment.

Marc Hocking, CTO, Becrypt

The recent statement from the Information Com missioner’s Office that levels of UK data loss are ‘too high’ yet again reinforces the need for organisations to ensure that they treat data with due care and diligence. It is essential to ensure that the right technology solutions are put in place. The proposed £500,000 fines may be an effective wake-up call for businesses, but an Information Assurance policy will not appear overnight. Implementing technology is important, but it is key to remember that there is more to the problem than this. Companies need to sew the importance of data protection and information assurance into the very fabric of the company; there needs to be education for employees, as well as regular updates to security policy. Businesses need to ensure they don’t use a band-aid to cover the potential bullet-hole of data loss.

By Becrypt on Thursday Nov 12