Public confidence shaken by data breaches
Published: 13 Dec 2007 12:56 GMT
The majority of UK citizens do not trust the government with their data following the HM Revenue & Customs data breach, according to security vendor Symantec.
The personal details of 25 million people claiming or receiving child benefit were lost on two unencrypted CDs in November.
A survey of 1,000 members of the public, which was sponsored by Symantec and conducted by IPSOS Mori, found 62 percent of respondents felt that their personal data being held by government departments was at risk. The survey was conducted in the aftermath of the data breach.
"Public confidence has been shaken," said William Beer, Symantec's European security practice director. "Six out of 10 people is a sizeable majority, but I won't say the results surprised us. This is impacting people, and it's not to do with their behaviour online. With this breach, it wasn't possible to change their behaviour to improve security. If this had been a merchant or online store, people could consider not doing a transaction."
There seems to be a continuous leakage of data
William Beer, Symantec
Public confidence in the government's ability to safeguard data would have been shaken further by other recent government data breaches, said Beer.
In the past week, UK government departments have admitted losing the names and addresses of thousands of citizens. The Driver and Vehicle Agency in Northern Ireland admitted to losing over 6,000 motorists' details in the post; Norfolk police admitted losing the details of dozens of prisoners; and Sefton Primary Care Trust sent the salary and pension details of thousands of its employees to four unnamed companies.
"There will be serious repercussions considering what has happened this week," said Beer. "There seems to be a continuous leakage of data."
The latest security concerns follow worries over the security of public database schemes such as the National Identity Register for the ID cards scheme, and ConnectPoint, a database that will contain details of every child in the country.
"The new databases are causing a fair amount of legitimate concern in the public's eyes," said Beer. "If the government can't manage the current data set, how will it manage more sensitive data like biometrics?"
The public does not have much confidence in corporations to guard data either, the survey found, with 61 percent of respondents saying they did not trust businesses to safeguard personal details.
Beer called for a UK data-breach notification law, which would require organisations that suffer a data breach to notify affected parties. He said the law would incentivise companies to better look after their data and that technical means were not enough to secure data.
"It's a myth that technology is a silver bullet," said Beer. "Encryption will definitely help, but there are times when you can't use it — there may be issues with keys, or passing the data set. There is a lot of focus needed on awareness [among end users of potential security problems, which is] often a challenging part of a security project. Companies have policies in place and technology in place, but the weak link is the individual."
Privacy watchdog to push data safeguards
The Information Commissioner's Office is to launch the UK's first privacy impact assessment handbook and urge use of privacy-enhancing tech [11 Dec 2007]
The worst IT security incidents of 2007
The year may not be over yet, but it will be hard to beat the major blunders on this list when it comes to security [14 Nov 2007]
Brown alerted to HMRC data risk in 2004
Gordon Brown was informed three years ago of the flaws in HMRC's working practices which recently led to the UK's largest-ever data loss, it has been revealed [10 Dec 2007]
CIOs: Encryption only part of data-security solution
Together with robust policies and processes, encryption needs to be part of a holistic approach to the protection of data, a CIO panel has said [10 Dec 2007]
HMRC offers £20,000 for return of lost discs
The main police search for the missing CDs containing 25 million child-benefit records has failed, prompting the goverment to offer a reward [05 Dec 2007]
UK companies spurn encryption
A Check Point survey claims that only 48 percent of UK IT managers use encryption technology to secure their data [04 Dec 2007]
Lost HMRC data 'worth £1.5bn to criminals'
Liberal Democrat acting leader Vince Cable has attacked the government over its failure to use encryption technology [29 Nov 2007]
ID cards: Data-protection minister calls for review
Michael Wills has admitted the HMRC data-loss blunder raises questions over the security of the ID cards scheme [28 Nov 2007]
The top 10 IT disasters of all time
From faulty satellites nearly causing World War III to the Millennium Bug, poorly executed IT has had a lot to answer for over the years [22 Nov 2007]
Northern Ireland loses thousands of drivers' data
The Driver and Vehicle Agency says personal details of thousands of motorists have been lost on two CDs sent by a courier [13 Dec 2007]
Government loses 25m confidential records
In the largest-ever data breach by the government, HMRC has lost the details of every child in the country [20 Nov 2007]
Did you find this article useful?
3 out of 3 people found this useful
- Share this article:
Full Talkback thread
2 comments
