Followers

Tuesday, August 26, 2008

Thousands of personal records lost each month

Thousands of computer records containing personal information about members of the public are being lost every month – with the rate of loss increasing, new figures reveal.

By Patrick Sawer and Melissa Kite

More than 160 "significant" incidents of confidential data being misplaced by councils, central government and businesses have been reported to the Information Commissioner's Office (ICO) since last November.

Each case represents the potential loss of information about thousands of individuals.

The revelations follow the loss last week of confidential records and sensitive intelligence relating to tens of thousands of criminals. Scotland Yard is investigating how a memory stick containing the information, taken from the Police National Computer (PNC), went missing from a private consultancy firm.

In the six months between November 2007 and April 2008, the ICO was notified of 94 data breaches. In the following two months there were a further 66.

Critics say it shows that organisations have done little to improve their data protection procedures following the scandal last October, when two HM Revenue and Customs (HMRC) CDs containing the entire child benefit database of 25 million families went missing.

In fact, another set of new figures reveal that security breaches at the HMRC itself are now running at ten a day, not all of which are reported to the Commissioner. Ministers have admitted in a parliamentary answer that overall security has got worse at HMRC since the department lost the two CDs.

Parliamentary answers obtained by the Conservatives show that between 1 October 2007 and 24 June 2008 there were 1,993 security breaches at HMRC, more than ten every working day.

Before the datagate scandal, between October 2006 and September 2007 there were 2,709 breaches - around 8 per working day.

Philip Hammond, shadow Treasury secretary said: "The public will rightly ask how this Government can claim to be taking data security seriously, when the number of breaches at the Revenue has actually increased following the lost discs fiasco.

Of the incidents reported to the Commissioner, 44 occurred in the private sector. But, together, local councils, government departments and the NHS were responsible for 95 breaches, with other public sector bodies such as housing associations reporting a further 21.

The breaches include the loss or theft of laptops, loss of paper records and removable disks and breaches of website security.

Organisations are not required by law to report all losses, and the actual number is thought to be far higher.

The Information Commissioner Richard Thomas issued a stern rebuke to company chief executives and civil servants in the wake of the new figures and the latest loss of data, from the PNC.

"It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring," he said.

Referring to the latest incident, in which contractors at PA Consulting Group decoded previously encrypted information from the PNC and placed it on the memory stick, which was subsequently lost, Mr Thomas added: "It is deeply worrying that after a number of major data losses and the publication of two government reports on high profile breaches of the Data Protection Act, more personal information has been reported lost.

"The data loss by a Home Office contractor demonstrates that personal information can be a toxic liability if it is not handled properly and reinforces the need for data protection to be taken seriously at all levels. It is vital that sensitive information, such as prisoner records, is held securely at all times."

The missing police data contains the personal details and intelligence notes on 33,000 serious offenders, dossiers on 10,000 'priority criminals' and the names and dates of birth of all 84,000 prisoners in England and Wales. It is also understood to include the names of informers who now fear they could be at risk of reprisals.

Ministers had promised to tighten the security of confidential data and the latest loss will prove hugely embarrassing, particularly as it involved information which originated from the Home Office.

Jane Kennedy, the Treasury minister, said the breaches from HMRC arose from "a wide range of different circumstances." She added: "Such security breaches reflect potential weaknesses reported by staff and not actual thefts or losses."

Original here

No comments: