All the latest UK technology news, reviews and analysis
|
|
|
23 Nov 2011
A whopping 132 local authorities have between them lost sensitive data on citizens on more than 1,000 occasions since 2008, according to data unearthed by privacy advocates Big Brother Watch (BBW).
Even more worryingly, just 55 of these incidents were reported to the Information Commissioner's Office (ICO), while only nine workers were sacked as a result of losses they caused, despite information on children being routinely put at risk.
The report also found that mobile devices remain one of the most common sources of data loss, with 244 laptops, 98 memory sticks and 93 mobile devices lost or stolen during the three-year period.
The worst authorities were Buckinghamshire and Kent with 72 incidents, while Essex had 62. Notable incidents uncovered by BBW include a USB stick lost by a local authority in Birmingham containing details on 64,000 people.
Commenting on the figures, BBW director Nick Pickles said in a blog post that local authorities must be made to take their data handling obligations more seriously.
"The growing volume of personal information held by local authorities is a significant threat to personal privacy and civil liberties," he said.
"This report highlights how, despite data protection law, not enough is being done to ensure sensitive information is held securely and protected."
A spokesperson for the ICO said that while councils are not legally obliged to inform the watchdog over every data loss incident it urged them to do more to protect their data.
"It's vital local authorities properly live up to their legal responsibility to keep personal data secure. Four out of the six monetary penalties that we've issued so far have involved data losses at councils," they said.
"Our concern isn't just that councils have the right policies and procedures in place; it's about bringing about a culture among staff whereby everyone takes their responsibilities seriously and effective data handling becomes second nature."
The ICO added, though, that in an attempt to improve local government's data handling it is making a formal request to the Ministry of Justice to be able to carry out compulsory audits of authorities' data handling procedures.
Latest stories from Databases
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Sneak peek at the forthcoming glass-based machine
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Support Analyst x 1/2 Skills: Apple Mac OSX, Windows...
Network Consultant - London - 55-65k My client are...
A leading global provider of critical information to...
Playstations and table football in the kitchen? Standard...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Providing Information Assurance
The news that 132 councils have lost personal data over 1000 times in just three years shows that the discipline of Information Assurance is still needed. Today, public sector bodies are all too aware of the potential risks to their sensitive data. Now that reporting of such incidents is mandatory elsewhere within government, there is every incentive to ensure compliance. As a result, IT security needs to be focused on understanding business need and making the right choices. Information Assurance remains the ideal approach, since it is risk-based and allows organisations significant flexibility in deciding how security requirements are met. For example, with the explosion of consumer devices coming into the workplace, different employees have different IT needs. As a result, IT needs to be able to enable different classes – or risk levels – of data to be handled securely, but with a solution that won’t unduly restrict access, or productivity. When budgets are constrained, this will be achieved through spending money on technology that is proportionate to the risk involved, and tiering access accordingly. Ultimately, applying Information Assurance not only helps organisations to follow the security rules, but also extracts real business value while providing flexibility as IT security continues to evolve.
Posted by: Chris Mayers, chief security architect, Citrix 28 Nov 2011
Sack them
The people responsible for any leaks should be sacked.
Posted by: John 24 Nov 2011