NHS responsible for third of data breaches

The deputy commissioner of the Information Commissioner's Office (ICO) has named and shamed the NHS as the worst offender when it comes to data breaches.

During the opening keynote at InfoSecurity Europe 2010, David Smith highlighted the health service's blunders over the past two years where it accounted for almost a third of all reported data breaches in UK organisations.

"In just over two years, there have 960 data breaches which works out round about 30 a month," said Smith. "The numbers coming in have gone down slightly, but only slightly. They have been pretty consistent for many years which suggests there is still problems."

"The NHS comes out as the biggest single group with 287 meaning around about a third of total data breaches come from the NHS."

Although he admitted the scheme to report data breaches is still voluntary at present and may not give the full picture, he had concerns about problems faced by the NHS.

"[Many] would say 'this is confidential health information, surely they should be better than this?' but this is the largest employer outside of the red army and this is hardly a command and conquer structure," he said.

"There is a real, real, real challenge there but it is worrying that still we see these losses."

Smith admitted there were plans to force an audit on the NHS to get the real picture on both the number of data losses and where they are going wrong, but he felt all organisations needed to buck up when it came to training and awareness around data protection issues.

"Lack of communication and training is still a frequent factor," he added. "Organisations have... ticked the box that everyone has gone through the training once but there are no measures in place to keep up awareness."

Read on for more news from InfoSec 2010.