Information Commissioner calls level of data breaches "horrifying"
The number of "inexcusable" security lapses surrounding personal data has risen to unacceptable and deeply worrying levels.
The Information Commissioner, the UK's watchdog responsible for access to and the protection of information has told chief executives that the business world has to act now to address severe failures around data security.
Richard Thomas, the head of the independent authority, said the number of security breaches that result in sensitive employee or customer data being leaked is unacceptable. "Over the last year we have seen far too many careless and inexcusable breaches of people's personal information," said the Information Commissioner. "The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying."
Thomas claims that basic data security practices are not being adhered to. "How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each others' forms? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured in non-confidential waste bags?"
Thomas points the finger at mobile phone network Orange - which last month was found guilty of breaching the Data Protection Act in regards to customer data - and the high street banks in particular. He says the people at the top of these organisations must do better.
"Business and public sector leaders must take their data protection obligations more seriously," Thomas claims. "The majority of organisations process personal information appropriately - but privacy must be given more priority in every UK boardroom. Organisations that fail to process personal information in line with the Principles of the Data Protection Act not only risk enforcement action by the ICO, they also risk losing the trust of their customers."
The Information Commissioner, who has often been criticised for his failure to act, says that from 24,000 enquiries and complaints in 2006/7, his office has prosecuted just 16 individuals and organisations.
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiatives
Free DownloadRecommendations for managing AI risks
Integrate your external AI tool findings into your broader security programs
Free Download
