IT Pro

Demand for tougher data breach legislation

Lost laptops and missing discs could mean legal trouble, as the media spotlight on data breaches gives weight to calls for tougher legislation - but is encouraging best practice a wiser move?

Posted by Ash Dosanjh at 12:21PM, 4th February 2008


Another day, another miserable data fiasco - it seems there's no end in sight for missing laptops and lost discs.

It's one thing after another: Marks and Spencer told off by the Information Commissioner's Office (ICO), missing discs from the Ministry of Justice and HM Revenue and Customs, and laptops lost by the Ministry of Defence are just the latest in a line of breaches which affect millions in the UK.

It's clear more will happen, but what can the government do to force industry (and itself) to take the right measures to make sure such debacles don't happen again?

There are, of course, technology and policies. Indeed, Whitehall staff were recently banned from removing unencrypted laptops containing data from their offices, but as HMRC's acting chairman Dave Hartnett has already admitted, the failure to protect data is "systemic" - leading some to say tough legislation is the only way to force organisations to keep data secure.

Legislation on the way

And such legislation might be on the way. According to the Ministry of Justice, parliament is currently considering proposals to amend the Data Protection Act.

It said: "Subject to Parliamentary approval, this will provide for terms of imprisonment in addition to existing fines for those found guilty of unlawfully obtaining or disclosing personal data."

These new penalties may mean that those found guilty of security breaches could face imprisonment for up to two years; such breaches are currently punishable only by a £5,000 fine.

On top of these proposals, Information Commissioner Richard Thomas has also demanded new powers of inspection, allowing the ICO to "spot-check" government departments without permission to ensure the security and protection of data.

Indeed, Thomas has himself come down on the side of stronger legislation, saying in the House of Commons Justice Committee report on the Protection of Private Data that there was a "need to ensure that safeguards are achieved in practice".

And a security review by Cabinet Secretary Gus O'Donnell, the Data Handling Procedures in Government: Interim Progress Report, has stressed the need to extend spot checks to the entire public sector and has made a commitment in principle to the introduction of new sanctions under the DPA for serious breaches of its principles.

Making laws actually work

Such changes are a step in the right direction towards getting organisations to take data security more seriously, but figuring out how such things would work in reality is no easy feat, according to Rosemary Jay, partner and head of the information law practice at international law firm Pinsent Masons.
