In Britain, public sector breach reporting is woeful

There have been more than 1,000 incidents of data loss in the past three years in the public sector.

An investigation by Big Brother Watch found that there has been 1,035 data-loss incidents across 132 local authorities since 2008. It also found that of those incidents, 35 included councils that lost information about children and those in care.

Also, at least 244 laptops and portable computers were lost, while at least 98 memory sticks and more than 93 mobile devices went missing.

Of the 1,035 incidents, 55 were reported to the Information Commissioner's Office, but only nine resulted in a termination of employment.

Richard Turner, CEO of Clearswift, said: “Today's news highlighting yet more data breaches is concerning reading. The fact is that in today's business environment, where an ever-increasing range of communication channels are in use, organisations must realise that in conjunction with security technology, their staff can be a powerful tool in safeguarding information and data.

“For data security policies to be truly effective, staff need to understand what security parameters are in place, and more importantly, why they are there.”

Grant Shapps, minister for local government, said: “I welcome this research by Big Brother Watch. This reinforces the need for steps to protect the privacy of law-abiding local residents. Civil liberties are under threat from the abuse of town hall surveillance powers, municipal nosy parkers rummaging through household bins and town hall officials losing sensitive personal data on children in care.”

Terry Greer-King, UK managing director of Check Point, said the volume of losses reflects the lack of use of data encryption on laptops, USB sticks and other removable storage media among UK companies.

He said: “We've surveyed the use of data encryption in UK public and private sector organisations every year since 2007 and encryption deployments have been consistently under 50 per cent until now. In 2011, only 52 per cent of respondents were using encryption to protect data on their laptops.

“What's more, 13 per cent reported a breach from lost or stolen laptops and a further seven per cent lost unencrypted USB sticks. With only half of firms actively protecting their devices and data, breaches will inevitably continue for some time yet.”

Tim Patrick-Smith, CTO of Getronics, said: “Unfortunately, I'm not surprised by the results of the report. At the moment, councils are still playing catch-up when it comes to having the right technology and processes in place given the huge rise in consumerisation within IT.

“It is likely we will continue to see CIOs struggling to implement truly secure models as the more traditional method of securing hardware devices is still relied upon. CIOs must ensure access to data is prohibited by unauthorised employees in the event that the device is lost.

“Accidental or deliberate loss of data is likely to continue until the focus of the CIO is turned from securing the hardware to securing the data. This will involve improvements in digital rights management to enable these technologies to be more easily deployed.”

This article originally appeared at scmagazineuk.com