All the latest UK technology news, reviews and analysis
|
|
|
11 Jul 2007
The UK's Information Commissioner has called on chief executives to clamp down on "careless and inexcusable" breaches of personal information.
Richard Thomas said in the 2006/07 annual report (PDF) from the Information Commissioner's Office (ICO) that the UK has suffered unacceptable security breaches over the past year, involving leading names such as Orange and several high street banks.
"Over the past year we have seen far too many careless and inexcusable breaches of people's personal information," said Thomas.
"The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying."
In February alone the ICO found Alliance & Leicester, Barclays Bank, Clydesdale Bank, Co-operative Bank, HBOS, HFC Bank, Nationwide Building Society, Natwest, Royal Bank of Scotland, Scarborough Building Society, The Post Office and United National Bank in breach of the Data Protection Act and ordered them to sign formal undertakings.
Information stolen as a result of poor data security practices can be used in identity fraud and theft, which is currently costing the UK £1.7bn a year.
The ICO received almost 24,000 enquiries and complaints concerning personal information in 2006/7.
As a result it prosecuted 16 individuals and organisations in the past 12 months and two parliamentary inquiries have started following the Commissioner's call for a debate on the UK's 'surveillance society'.
The public's awareness of data protection rights has risen to an all-time high of 82 per cent, and an increasing number of people understand that personal information must be handled appropriately.
"Business and public sector leaders must take their data protection obligations more seriously. The majority of organisations process personal information appropriately, but privacy must be given more priority in every UK boardroom," warned Thomas.
"Organisations that fail to process personal information in line with the Principles of the Data Protection Act risk enforcement action by the ICO and losing the trust of their customers."
The Information Commissioner has called for stronger audit and inspection powers for his office to ensure that personal information stays private.
Currently the ICO can only audit organisations' information handling practices with their consent. The Commissioner wants the right to inspect and audit practices where poor practice is suspected.
Latest stories from Privacy
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Position:Oracle Applications eBusiness Suite Suport...
Software Developer A leading UK Software Application...
I am looking for a permanent senior Drupal Developer...
Retail Consultant - Data Transformation and Migration...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Who can we now trust with our personal details?!
The breaches that Richard Thomas refers to explain why, we as consumers, are becoming increasingly incensed at how careless some UK organisations are being when using sensitive customer information. There is also growing evidence that in some cases deliberate misuse of this data, solely for the financial gain of the business, is being sanctioned at the highest level in businesses either directly or through abdication of corporate responsibility. The problem is that too many organisations are storing and using the same customer data, without control, so one department or office is not aware of what the other is doing with that information. As the article suggests, this can easily lead to customer contact being duplicated, for example, multiple sales calls to the same customer on the same day. This destroys brand value, something that all executives acknowledge is difficult to build in today?s market place, yet they are simply not in control of what is happening. This type of carelessness is negatively affecting the customer?s experience of some organisations and UK executives must address this if they want to maintain a positive relationship with their customers. There are enough threats to customer data from the criminal community, without legitimate organisations adding to it through an array of careless activities which can be managed. Deliberate misuse is inexcusable, even through ignorance and must be punished by the IC. I am sure that ignorance and poor management will be suitably punished by consumers over time. The danger here is that those who do protect data effectively will be tarnished by those who do not.
Posted by: David Arrowsmith, SAS UK 12 Jul 2007