UK data protection watchdog slams firms for security breaches
11 July 2007
The UK Information Commissioner's Office (ICO), which is responsible for enforcing the Data Protection Act, has hit out at the "horrifying" number of security breaches at leading banks, retailers and government bodies in the past year.
In his annual report, Information Commissioner Richard Thomas says there have been "far too many careless and inexcusable breaches of people's personal information" over the past year and firms must do more to secure confidential data.
"The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying," says Thomas.
In February, The Nationwide Building Society was fined £980,000 by the Financial Services Authority (FSA) after an investigation into the theft of a company laptop from an employee's home last year exposed failings in its information security.
In March this year the watchdog found 11 financial institutions in breach of the Data Protection Act after they dumped customers' personal details in outdoor bins.
Since then there have been other incidents where customer data has been breached. Last month Hbos subsidiary Bank of Scotland admitted that a disc containing names, addresses, dates of birth and mortgage account numbers for 62,000 customers had been lost in the postal system. That incident came just two months after Halifax - another Hbos subsidiary - reported that documents containing the mortgage details of 13,000 customers had been stolen from an employee's car.
Thomas says business and public sector leaders must take data protection obligations more seriously.
"Privacy must be given more priority in every UK boardroom," says Thomas. "Organisations that fail to process personal information in line with the Principles of the Data Protection Act not only risk enforcement action by the ICO, they also risk losing the trust of their customers."
Thomas also called for stronger audit and inspection powers for his office. Currently the ICO can only audit organisations' information handling practices with their consent, but the commissioner wants the right to inspect and audit practices where poor practice is suspected.