• Welcome to the LegalBeagles Consumer and Legal Forum.
    Please Register to get the most out of the forum. Registration is free and only needs a username and email address.
    REGISTER
    Please do not post your full name, reference numbers or any identifiable details on the forum.

Privacy chief notified of 94 data breaches since HMRC debacle

Collapse
Loading...
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Privacy chief notified of 94 data breaches since HMRC debacle

    The Information Commissioner has been notified of almost 100 data breaches by public and private sector organisations since the loss of 25 million people's details by HM Revenue and Customs last November, according to figures released yesterday.

    Half of the 28 private sector security breaches were by financial services companies.

    The problem of the loss of personal information gained in profile in the aftermath of HMRC's loss of two discs containing the entire register of people claiming child benefit last year. The information on the discs included names addresses and banking details of 25 million people, leading to widespread fears of identity theft.

    Since then, though, organisations in the public, private and charity sectors have all lost data in circumstances that led to them being reported to the Information Commissioner's Office (ICO).

    "It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring," said Information Commissioner Richard Thomas. "The government, banks and other organisations need to regain the public’s trust by being far more careful with people’s personal information."

    The cases which have been reported to the ICO include the loss of whole computers, USB memory sticks containing data and computer discs containing unencrypted data. Paper records have also gone missing, and the information on all these formats has included financial records, health records and other personal information.

    Information has been stolen, but it has also been lost in transit, either by post or with courier services.

    Information has only so far been recovered in three of these cases. In 16 of them the ICO has ordered a change to data management processes, including ordering the encryption of data in the future.

    Of the 62 breaches in the public sector a third involved central government and its agencies and a fifth involved the NHS.

    The ICO has published new guidance on how to deal with data security breaches.

    "Once again I urge business and public sector leaders to make data protection a priority in their organisation," said Thomas. "The level of understanding about data protection and the need to safeguard people’s personal information have no doubt increased and I am encouraged that more chief executives and permanent secretaries appear to be taking data protection more seriously, but the evidence shows that more must be done to eradicate inexcusable security breaches."

    Most US states have security breach notification laws. A significant number of breaches have come to light because of the laws. But at present there is no general rule to notify security breaches in the EU. The European Commission announced plans last year to introduce such a requirement for telecoms companies. Earlier this month the privacy watchdog for EU institutions, the European Data Protection Supervisor (EDPS), called for that proposal to extend to banks, businesses and medical bodies.

View our Terms and Conditions

LegalBeagles Group uses cookies to enhance your browsing experience and to create a secure and effective website. By using this website, you are consenting to such use.To find out more and learn how to manage cookies please read our Cookie and Privacy Policy.

If you would like to opt in, or out, of receiving news and marketing from LegalBeagles Group Ltd you can amend your settings at any time here.


If you would like to cancel your registration please Contact Us. We will delete your user details on request, however, any previously posted user content will remain on the site with your username removed and 'Guest' inserted.
Working...
X