IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Information Commissioner calls level of data breaches "horrifying"

The number of "inexcusable" security lapses surrounding personal data has risen to unacceptable and deeply worrying levels.

The Information Commissioner, the UK's watchdog responsible for access to and the protection of information has told chief executives that the business world has to act now to address severe failures around data security.

Richard Thomas, the head of the independent authority, said the number of security breaches that result in sensitive employee or customer data being leaked is unacceptable. "Over the last year we have seen far too many careless and inexcusable breaches of people's personal information," said the Information Commissioner. "The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying."

Thomas claims that basic data security practices are not being adhered to. "How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each others' forms? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured in non-confidential waste bags?"

Thomas points the finger at mobile phone network Orange - which last month was found guilty of breaching the Data Protection Act in regards to customer data - and the high street banks in particular. He says the people at the top of these organisations must do better.

"Business and public sector leaders must take their data protection obligations more seriously," Thomas claims. "The majority of organisations process personal information appropriately - but privacy must be given more priority in every UK boardroom. Organisations that fail to process personal information in line with the Principles of the Data Protection Act not only risk enforcement action by the ICO, they also risk losing the trust of their customers."

The Information Commissioner, who has often been criticised for his failure to act, says that from 24,000 enquiries and complaints in 2006/7, his office has prosecuted just 16 individuals and organisations.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022