To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39170070,00.htm

Data breaches: No more than normal
ICO - the situation isn't "any worse"…

By Tom Espiner

Published: Monday 18 February 2008

The Information Commissioner's Office has said that the rash of data-breach reports in the past five months is due not to more data breaches - but to more people admitting to them.

Security from A to Z

Click on the links below to find out more...

A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day

HM Revenue & Customs' loss of 25 million details of people claiming and receiving child benefit was the catalyst for a surge of data-loss reports, an ICO spokesperson told silicon.com sister site ZDNet.co.uk.

The spokesperson said: "More people are stepping forward as they realise the importance of data breaches. We don't think the situation is any worse. Back in July last year we highlighted the need for more data protection."

The ICO released its annual report in July 2007, which criticised "horrifying" security lapses at some of the UK's largest companies.

Increasing scrutiny from regulators, including the ICO, is encouraging more disclosure, said the ICO spokesperson. There is also an ongoing review of data-handling procedures in Whitehall, which the spokesperson said is exposing more data-loss incidents.

The spokesperson added: "People are stepping forward because they want to get it right."

Recent reports of data losses include the loss of a laptop by the Ministry of Defence, disclosed in January, which contained personal details of 600,000 prospective or actual recruits for the armed forces. The MoD also lost the bank details of approximately 3,500 of those people. The DVA admitted to losing thousands of learner-driver details in December, while the NHS said in January it had lost thousands of patient records on a USB drive.

The ICO said that a common thread in these incidents is the devices lost had no encryption. "If people used more encryption, they would have fewer problems," said the spokesperson.

Private companies can also suffer from regulatory scrutiny due to data loss. The Financial Services Authority fined Norwich Union £1.26m in December for failing to manage customer-data adequately.

Financial advisory firm Deloitte said there was increased scrutiny of organisations by regulators. Mike Maddison, head of security and privacy services at Deloitte, said: "The issue of protecting the privacy of sensitive data has never been under such intense scrutiny. Increasingly regulators and watchdogs are examining the approaches organisations are taking to protect this vital private information."