Out-Law News 1 min. read

Thirty organisations are under ICO investigation over data breaches


The UK's privacy watchdog the Information Commissioner's Office (ICO) is currently pursuing 30 investigations into serious data security breaches, it said. In the past year 227 breaches have been reported to it.

The ICO said in April that 94 breaches had been reported to it since the loss of 25 million people's records by HM Revenue and Customs (HMRC) in November 2007. That figure has now risen to 227. It said that 176 of those relate to the public sector.

Information Commissioner Richard Thomas said that the bosses of organisations had to take responsibility for the growing trend to gather large amounts of personal information in computer databases and the risks associated with that.

"As government, public, private and third sectors harness new technology to collect vast amounts of personal information, the risks of information being abused increases. It is time for the penny to drop," said Thomas.

"The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong. The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made," he said. Chief executives have to take responsibility for the data gathered by their organisations, he said.

"It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues," said Thomas.

He outlined the potentially severe consequences of the loss of centrally-stored personal data. "We have already seen examples where data loss or abuse has led to fake credit card transactions, witnesses at risk of physical harm or intimidation, offenders at risk from vigilantes, fake applications for tax credits, falsified Land Registry records and mortgage fraud. Addresses of service personnel, police and prison officers and battered women have also been exposed. Sometimes lives may be at risk," said Thomas.

Not for the first time, Thomas called for greater powers for his office. "The ICO has long argued that its powers, sanctions and resources – fixed in another era – are now wholly inadequate and that a stronger approach is required to help prevent unacceptable information handling," said an ICO statement. "The threat and reality of substantial penalties will concentrate minds and act as a real deterrent."

The ICO said that it was working with Government on the detail of a plan to give it power to impose large penalties for reckless or deliberate data breaches, a power Parliament recently decided to give it.

It confirmed that it is also conducting investigations into 30 of the most serious of the 227 data breaches reported to it in the last year.

We are processing your request. \n Thank you for your patience. An error occurred. This could be due to inactivity on the page - please try again.