IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Burglaries and theft account for third of data breaches

It’s not just misplaced USB sticks – other devices are getting stolen too, meaning the criminal underworld can access confidential business data.

hand out of computer

Burglaries and theft are the the biggest risks when it comes to businesses losing information, accounting for a third of data breaches, according to the Information Commissioner's Office (ICO).

The ICO said that theft accounted for 231 of the 711 security breaches that have occurred since the infamous loss of 24 million child benefit records two years ago.

More than 200 private sector firms and 209 NHS bodies have reported breaches to the ICO. This is worrying, as the ICO said that the NHS usually held the most sensitive personal data, such as health records.

In a statement, deputy information commissioner David Smith said that while the majority of organisations got data protection right, a significant minority failed to take security seriously enough.

"Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff," he said. "Far too much personal data is being unnecessarily downloaded from secure servers onto unencrypted laptops, USB sticks, and other portable media."

Currently the ICO can serve organisations with enforcement notices, and force chief executives to sign formal undertakings' to improve security.

However, in 2010 new powers are scheduled to come into force that will allow the ICO to fine organisations, where there is evidence of a reckless or deliberate' data breach.

The Ministry of Justice is currently deciding on how much these fines will be, while the ICO is working towards better compliance with the Data Protection Act.

The upcoming Coroners and Justice Bill should also give the ICO formal inspection powers across government.

"People's data has a value. If you had 10,000 you are unlikely to leave it in the boot of your car; you would put in a safe or deposit it in a bank," said Mick Gorrill, ICO assistant commissioner, in a statement.

"In the same way, people's national insurance numbers, health records and bank details are valuable assets and organisations must take adequate steps to protect personal data."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

The state of brand protection 2021

A new front opens up in the war for brand safety

Free download

Recommended

MoJ faces £17.5m GDPR fine over subject access request backlog
data protection

MoJ faces £17.5m GDPR fine over subject access request backlog

20 Jan 2022
Cabinet Office fined £500,000 for New Year Honours data leak
data breaches

Cabinet Office fined £500,000 for New Year Honours data leak

3 Dec 2021
ICO publishes new data protection standards for the adtech industry
data protection

ICO publishes new data protection standards for the adtech industry

25 Nov 2021
Secretary of State retires NHS Digital and NHSX
public sector

Secretary of State retires NHS Digital and NHSX

23 Nov 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

7 Jun 2022
The top programming languages you need to learn for 2022
Careers & training

The top programming languages you need to learn for 2022

23 Jun 2022
Attracting and retaining talent through training
Sponsored

Attracting and retaining talent through training

13 Jun 2022