iTnews
  • Home
  • News
  • Technology
  • Security

UK had 277 serious data breaches this year alone

By Emma Hughes on Oct 30, 2008 10:54AM

This year has not been a good one in terms of data breaches – from the loss of child benefit details to the loss of top secret information on known terrorists.

This year has not been a good one in terms of data breaches – from the loss of child benefit details to the loss of top secret information on known terrorists.

It is almost a year ago since 25 million child benefits records were lost by the HMRC but this is really only the tip of the data loss iceberg – since November 2007 the breach total has risen to 277 unique cases.

Speaking at the RSA Conference on data breaches, Information Commissioner, Richard Thomas revealed that the central government has committed 28 breaches, 75 have been found within the NHS and other health services and a whopping 80 within the private sector.

Enforcement has already been taken against HMRC, the Ministry of Defence, the Department of Health, the Foreign and Commonwealth Office, Virgin Media, Skipton Financial Services, Carphone Warehouse, Talk Talk, and Orange.

Yet, although these cases have been investigated, it is unsure just how many have not been reported – some organisations don’t even realise information has been stolen from right under their noses.

We now live in an age where our every move is recorded, this can be used efficiently and securely to provide good services – yet the way it is at present, our personal details are just not safe, and therefore should probably not be collected in the first place.

Thomas explains that there are three main ways for companies to ensure secure data handling – clear thinking and paperwork, getting the technology right and focusing on people and behaviour.

The Information Commissioners Office has made clear for some time that a stronger approach is required to help prevent unacceptable information handling, which seems to have hit home – just this year Parliament decided that the ICO should have the power to impose substantial penalties for deliberate or reckless breaches.

The powers that be are working to make sure that data loss and breaches are made public when absolutely necessary instead of causing widespread panic, with individuals notified only if they are in danger.

Thomas says that, "Put simply, where the risks posed by security breaches are serious, a notification requirement would be too timid. If they are not, it would be excessive."
Got a news tip for our journalists? Share it with us anonymously here.
theinquirer.net (c) 2010 Incisive Media
Tags:
breachesconferencedatarsasecurity

Partner Content

The Great Resignation has intensified insider security threats
Promoted Content The Great Resignation has intensified insider security threats
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
How to turn digital complexity into competitive advantage
Promoted Content How to turn digital complexity into competitive advantage

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • Micro Focus Information Management & Governance (IM&G) Forum 2022
  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
  • Forrester Technology & Innovation Asia Pacific 2022
By Emma Hughes
Oct 30 2008
10:54AM
0 Comments

Related Articles

  • Qld gov proposes mandatory data breach reporting for agencies
  • Law firm mulls class action over NDIS software provider data breach
  • NDIS case management system provider breached
  • 50k customers caught up in Spirit Super phishing attack
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

PayTo rollout kicks off

PayTo rollout kicks off
Neobank Volt exits the banking industry

Neobank Volt exits the banking industry
Australia scraps digital passenger cards for international arrivals

Australia scraps digital passenger cards for international arrivals
Optus brands Telstra-TPG deal 'uniquely one-sided'

Optus brands Telstra-TPG deal 'uniquely one-sided'

Digital Nation

Case study: AFL kicks goals with its new digital platform
Case study: AFL kicks goals with its new digital platform
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: Multicloud business drivers at MLC Life Insurance
Case Study: EY invests in AI to improve approach to flexible working
Case Study: EY invests in AI to improve approach to flexible working
Personalisation strategies need to be built from the ground up
Personalisation strategies need to be built from the ground up
Case Study: Good360 deploys NetSuite, Magento and Salesforce
Case Study: Good360 deploys NetSuite, Magento and Salesforce
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.