Britain’s privacy watchdog called for tighter security after businesses were found to be the worst data breach offenders
The private sector has topped a league of shame published by Britain’s Information Commissioner on reported data breaches.
In an effort to crack down on the problem, the privacy watchdog has called on chief executives to take personal responsibility for data security.
The number of reported data breaches in the UK over the past year soared to 277, according to the new statistics. Businesses accounted for the lion’s share of slip-ups.
Richard Thomas, the Information Commissioner, called the number of breaches ‘serious and worrying’.
He acknowledged that some of the breaches may have been discovered as a result of improved checks and audits. But he said the number of notifications must still be well short of the total.
He challenged CEOs to ensure that the amount of data held is minimised and that robust governance arrangements are in place.
‘Accountability rests at the top,’ argued Thomas. ‘CEOs must make sure that their organisations have the right policies and procedures in place.’
Holding huge collections of personal data brings significant risks, warned Thomas. ‘The more you centralise data collection, the greater the risk of multiple records going missing.’
Earlier this year Parliament decided that the ICO should have new powers to fine offending companies and to carry out audits. The ICO said it is investigating 30 of the most serious cases.
Thomas said he was sceptical about placing a statutory duty on organisations to notify people whenever a breach occurs. ‘Each breach carries different levels of risk and, consequently, requires a different response.’
In the last year, the ICO has taken enforcement action against a number of public and private sector organisations.
‘It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues,’ concluded Thomas.