Out-Law News 1 min. read
29 Oct 2008, 9:38 am
The ICO said in April that 94 breaches had been reported to it since the loss of 25 million people's records by HM Revenue and Customs (HMRC) in November 2007. That figure has now risen to 227. It said that 176 of those relate to the public sector.
Information Commissioner Richard Thomas said that the bosses of organisations had to take responsibility for the growing trend to gather large amounts of personal information in computer databases and the risks associated with that.
"As government, public, private and third sectors harness new technology to collect vast amounts of personal information, the risks of information being abused increases. It is time for the penny to drop," said Thomas.
"The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong. The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made," he said. Chief executives have to take responsibility for the data gathered by their organisations, he said.
"It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues," said Thomas.
He outlined the potentially severe consequences of the loss of centrally-stored personal data. "We have already seen examples where data loss or abuse has led to fake credit card transactions, witnesses at risk of physical harm or intimidation, offenders at risk from vigilantes, fake applications for tax credits, falsified Land Registry records and mortgage fraud. Addresses of service personnel, police and prison officers and battered women have also been exposed. Sometimes lives may be at risk," said Thomas.
Not for the first time, Thomas called for greater powers for his office. "The ICO has long argued that its powers, sanctions and resources – fixed in another era – are now wholly inadequate and that a stronger approach is required to help prevent unacceptable information handling," said an ICO statement. "The threat and reality of substantial penalties will concentrate minds and act as a real deterrent."
The ICO said that it was working with Government on the detail of a plan to give it power to impose large penalties for reckless or deliberate data breaches, a power Parliament recently decided to give it.
It confirmed that it is also conducting investigations into 30 of the most serious of the 227 data breaches reported to it in the last year.