In-depth

Lessons to learn from a year of data breaches

In the year since the HMRC data breach, many more have been made public – here’s a roundup of 11 lessons (we should have) learned.

It was the data breach that kicked it all off a year ago this week, the government admitted HM Revenue and Customs had lost two discs containing records on 20 million people.

The tax body had dumped data on a third of the population including children onto a pair of unencrypted discs and sent them off with a courier, not once, but twice.

In the uproar that followed, more and more stories about data breaches in the public and private sector began to be noticed and reported. Indeed, since the mess at HMRC, some 277 such mishaps have been reported to data watchdogs at the Information Commissioner's Office (ICO). Lost USB drives, stolen laptops and even papers left on a train have left millions of people in this country open to identity theft and fraud not to mention, a bit pissed off.

The government responded with amusingly ignorant debates in Parliament and massive reports two were released in one day offering reams of advice on how to avoid another HMRC.

But it's not exactly rocket science, now is it? In case you haven't been paying attention, we've gathered up the top 10 lessons to be learned from this year of data breaches.

Lesson One: The public wants to know about data breachesIt's no surprise newspapers jumped all over the HMRC incident. Uncovering a massive government error, caused by funding cuts and incompetence, is the stuff of happy dreams for journalists trust us on this one.

The tale of millions of records including banking details going missing because of such complete and utter foolishness didn't sit well with the public at all. And it shouldn't. Everyone affected faces identity theft and fraud because of incidents like this one; phishing attacks based on the HMRC debacle have already occurred, and those didn't even require the discs to fall into the hands of criminals.

So HMRC became a watershed. The odd big data breach was covered by the press before last November, but usually only if the story was connected to a large fine. Now, every lost laptop or misplaced memory stick was cause for a headline and outrage. The public you, me and everyone else had learned that poor data management could hurt them.

Unsurprisingly then, people have started calling for data breach notification laws. Companies are not legally required to tell their customers and citizens when data goes missing, but surveys have suggested the general public want such legislation, even if IT directors aren't so enthusiastic. Lesson Two: People can be sackedIt's something many people have called for over the past year someone to be held responsible for data losses. While the head of HMRC Paul Gray did step down after the breach, it was also for overall organizational concerns, which were certainly highlighted by the breach, but not the only symptom of troubles at the tax body.

But since then, laptops and USBs and discs have disappeared, and no one has been publicly sacked except in one case, involving Colchester Hospital.

Featured Resources

The ultimate guide to business connectivity in field services

A roadmap to increased workplace efficiency

Free download

The definitive guide to migrating to the cloud

Migrate apps to the public cloud with multi-cloud infrastructure solutions

Free download

Transform your network with advanced load balancing from VMware

How to modernise load balancing to enable digital transformation

Free download

How to secure workloads in hybrid clouds

Cloud workload protection

Free download

Recommended

ICO launches AI risk assessment toolkit for businesses
Information Commissioner

ICO launches AI risk assessment toolkit for businesses

21 Jul 2021
What is the Information Commissioner’s Office (ICO)?
Information Commissioner

What is the Information Commissioner’s Office (ICO)?

15 Jul 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

17 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

17 Sep 2021