Thomas tells CEOs to take responsibility for 'toxic' data liability
The number of data breaches reported to the Information Commissioner’s Office has soared to 277 since HMRC lost 25m child benefit records a year ago.
The ICO is investigating 30 of the most serious cases. Information Commissioner Richard Thomas has highlighted the need for tougher sanctions to deter data breaches, and called on top executives to take responsibility for the personal information their organisations hold.
Arguing that information can be a “toxic liability”, Thomas says that “accountability rests at the top. CEOs must make sure that their organisations have the right policies and procedures in place, that privacy by design features are incorporated in the technology their organisations use, and that staff are properly trained to counter the risks”.
Thomas adds: ‘It is alarming that, despite high-profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues. The number of breaches brought to our attention is serious and worrying. I recognise that some breaches are being discovered because of improved checks and audits as a welcome result of taking data security more seriously.’
Following serious data breaches in the past 12 months, the ICO has taken enforcement action against Orange Personal Communications Services Ltd, HMRC, the Ministry of Defence, the Department of Health, Virgin Media, Skipton Financial Services, the Foreign and Commonwealth Office, Carphone Warehouse, and Talk Talk.
Earlier this year (2008) Parliament decided that the ICO should have the power to impose substantial penalties for deliberate or reckless breaches. The ICO is working with the government to ensure this measure is implemented as soon as possible. ‘The threat and reality of substantial penalties will concentrate minds and act as a real deterrent,’ the ICO believes.