Categories: Security

FoI Requests Show Businesses Are Vastly Under-Reporting Stolen Devices To The ICO

Just one tenth of all devices stolen form businesses containing sensitive information are being reported to the Information Commissioner’s Office (ICO).

According to Freedom of Information (FoI) requests submitted by security firm ViaSat UK, 13,079 such devices were reported to police between March 2014 and March 2015, but the ICO reported just 1,089 data breaches.

The actual number is certainly higher given that only 34 of the 46 UK police forces responded to the requests and just 31 were able to provide detailed information.

Data loss landscape

Given the majority of breaches reported by the ICO relate to the public sector, this vast underreporting by the private sector means the scale of data loss in the UK is likely to be far worse than previously thought. ViaSat UK has called for the ICO to receive greater powers to protect the privacy of individuals.

“It’s clear that this discrepancy isn’t due to the ICO but the framework it has to operate in. As it stands, the ICO simply doesn’t have the tools and powers it needs to ensure that either all threats are reported, or that risk is minimised,” said Chris McIntosh, CEO of ViaSat UK.

“For instance, encrypting sensitive data is now a trivial matter in terms of both cost and complexity. If encryption of personal data was made mandatory, and enforced with spot checks and suitable punishments, then the public and the ICO could have much greater confidence that none of the 13,000-plus stolen devices represent a threat.

ICO powers

“The ICO’s role is to encourage best practice in data protection. While it is clear that its financial penalties are aimed at this goal, it still needs more legal and financial muscle to drive its goals. While compulsory reporting of every single potential breach could be difficult to enforce, inevitably it would give the ICO a clearer view of the problem and allow it to better mandate best practice.

“However, in the meantime compulsory encryption, and the power to police it, is the absolute minimum that the ICO should be granted.”

The ICO itself has requested greater powers and funding in the past. It claims its role as an independent regulator is becoming more important as the number of complaints it receives rises.

“We’re effective, efficient and busier than ever,” said information commissioner Christopher Graham last year. “But to do our job properly, to represent people properly, we need stronger powers, more sustainable funding and a clearer guarantee of independence.”

What do you know about ICO and its counterparts? Take our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago