ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Data Breaches

ICO: Data-breach spate 'no worse' than normal

Tom Espiner ZDNet.co.uk

Published: 15 Feb 2008 17:01 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The Information Commissioner's Office has said that the rash of data-breach reports in the past five months is due not to more data breaches, but to more people admitting to them.

HM Revenue & Customs' loss of 25 million details of people claiming and receiving child benefit was the catalyst for a surge of data-loss reports, an ICO spokesperson told ZDNet.co.uk on Friday.

"More people are stepping forward as they realise the importance of data breaches," said the spokesperson. "We don't think the situation is any worse. Back in July last year we highlighted the need for more data protection."

The ICO released its annual report in July 2007, which criticised "horrifying" security lapses at some of the UK's largest companies.

Increasing scrutiny from regulators, including the ICO, is encouraging more disclosure, said the ICO spokesperson. There is also an ongoing review of data-handling procedures in Whitehall, which the spokesperson said is exposing more data-loss incidents.

"People are stepping forward because they want to get it right," the spokesperson added.

Sentry Posts Blog

Sentry Posts Blog
Guarding the network

What you need to know — and what you and your peers have to tell us — about security management in our new community group blog

Read more +

Recent reports of data losses include the loss of a laptop by the Ministry of Defence, disclosed in January, which contained personal details of 600,000 prospective or actual recruits for the armed forces. The MoD also lost the bank details of approximately 3,500 of those people. The DVA admitted to losing thousands of learner-driver details in December, while the NHS said in January that it had lost thousands of patient records on a USB drive.

The ICO said that a common thread in these incidents is that the lost devices had no encryption. "If people used more encryption, they would have fewer problems," said the spokesperson.

Private companies can also suffer from regulatory scrutiny due to data loss. The Financial Services Authority fined Norwich Union £1.26m in December for failing to manage customer-data adequately.

Financial advisory firm Deloitte said there was increased scrutiny of organisations by regulators. "The issue of protecting the privacy of sensitive data has never been under such intense scrutiny," said Mike Maddison, head of security and privacy services at Deloitte. "Increasingly regulators and watchdogs are examining the approaches organisations are taking to protect this vital private information."

Maddison said that it is "often the simplest of procedural errors that can result in a security breach".

"As there is no software patch for people, it is clear that the solution to managing such a risk requires flexibility and is as much about people and culture as process and technology," Maddison said. He added that consumer concerns will continue to make data compromise a high-profile issue, and could result in increased legislation.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with HP

Did you find this article useful?
2 out of 2 people found this useful


Full Talkback thread

0 comments

More in this Special Report

The top five internal security threats

The top five internal security threats

It's widely known that internal staff are the biggest threat to IT security, but what specifically should an employer watch out for? more

US gov't: Treat personal data 'like toxic waste'

US gov't: Treat personal data 'like toxic waste'

Computer scientists in the US have advised organisations to be extremely cautious when handling information that can be used to identify individuals more

Home Office laptop and disc 'bought on eBay'

Home Office laptop and disc 'bought on eBay'

IT repair technicians near Manchester have found an encrypted Home Office CD under the keyboard of a laptop, apparently purchased recently on eBay more

Data breaches cost an average business £1.4m

Data breaches cost an average business £1.4m

The vast majority of lost data is accidental rather than a result of any criminal activity, researchers claim more

ICO: Data-breach spate 'no worse' than normal

ICO: Data-breach spate 'no worse' than normal

The Information Commissioner's Office has said the recent surge of data-breach reports does not indicate a rise in security lapses more

PGP: Encryption alone no cure for data breaches

PGP: Encryption alone no cure for data breaches

In the fight against security breaches, PGP chief executive Phil Dunkelberger cautions that encryption by itself is not the answer more

Keeping mobile data from going walkabout

Keeping mobile data from going walkabout

Mobile email is no longer the preserve of upper management but providing access to company information on the go has its risks more

Public gets more savvy about data security

Public gets more savvy about data security

An ICO survey has found people are taking more care with their personal information, suggesting the recent spate of high-profile data breaches has had an impact more

ICO urges gov't to retain data-theft laws

ICO urges gov't to retain data-theft laws

The watchdog has warned it is vital the government resists pressure to water down laws that could jail people selling stolen personal details more

Don't blame 'stupid users' for data breaches

Don't blame 'stupid users' for data breaches

A defence researcher claims companies need to move away from the idea of command and control of their employees and get them on side when it comes to improving IT security more

Symantec, RSA call for unified data-breach law

Symantec, RSA call for unified data-breach law

At the RSA security conference the vendors argued the case for a single US federal data-breach notification law, echoing similar demands last year in the UK more

How to avoid liability for a data breach

How to avoid liability for a data breach

Data breaches can be costly not only for customers but for the business involved. Implementing certain measures, however, can limit liability more

Company/Topic Alerts

Create a new alert from the list below:







Related Jobs

French, German, Spanish Speaking 1st Line Support Analyst - 25k

Applicants will possess relevant experience with the following essential skills; Unix operating system (Linux or Solaris) , Helpdesk systems (eg ...

HP/Dell Hardware Field engineer 25k + Audi A3 Manchester

This flexible field based role involves: Investigation and resolution of IT hardware break/fix incidents Investigation and resolution of non-hardware ...

The Head of Information Security and Privacy Incident Response

The Head of Information Security and Privacy Incident Response is a senior member of the Vulnerability Management team with primary responsibility ...

Sentry Posts Blog

How many headshots does one chairperso...

We got a strange request last week from the head of PR from Russian security experts Kaspersky. It seems although the company was very happy with the interview we recently carried with... More

Post a comment

Google sponsors open source security p...

Google has announced it is to sponsor oCERT, an open source computer emergency response team. In a blog post on Monday, Google security engineer Will Drewry said that one of the... More

Post a comment

Indian officials accuse China of cyber...

China is actively engaged in mapping India's computer networks, according to the Times of India. China is mounting "almost daily" attacks against Indian Government computer systems,... More

Post a comment

Featured Talkback

On the contrary, if vendors were forced to stand behind their products it should increase innovation. It would force more, and better , testing before hitting the sales floor, resulting in fewer updates and less downtime for the consumer. At present the EULA removes responsibility from the vendor, and moves it to the user, which is a step backward. Make the vendor responsibility for their code.

By: ator1940

Read full story:
RSA: Vendor liability may stifle innovation