Local authorities have lost sensitive, personal data more than 1,000 times in three years, it has been revealed.
Campaign group, Big Brother Watch (BBW), today published a report on the scale of data loss across local authorities in the UK since 2008, including a breakdown by local authority.
The information, gathered using the Freedom of Information Act, received a response rate of 91 percent and showed that at least 244 laptops and portable computers were lost, while a minimum of 98 memory sticks and more than 93 mobile devices went missing.
“Despite these severe breaches,” said BBW, “Only 55 incidents were reported to the Information Commissioner’s Office, with just nine incidents having resulted in termination of employment.”
“With recent moves to allow local authorities to access more centrally-held personal information, for example, details on benefits and earnings, the amount of data potentially at risk continues to grow.”
Check Point’s UK MD Terry Greer-King said his company’s research data reflects similar findings. “We’ve surveyed the use of data encryption in UK public and private sector organisations every year since 2007, and encryption deployments have been consistently under 50 percent until now. Yet even in 2011, only 52 percent of respondents were using encryption to protect data on their laptops,” said Greer-King. “What’s more, 13 percent reported a breach from lost or stolen laptops, and a further 7 percent lost unencrypted USB sticks. With only half of firms actively protecting their devices and data, breaches will inevitably continue for some time yet.”
“But,” said BBW, “There are concrete changes that can be made to protect the privacy of personal information, including a greater use of Virtual Private Networks (VPNs) which would allow staff to work from home without requiring sensitive information to be stored on their own computers. This would also reduce the need for information to be held on council laptops, as information would be readily accessible from a remote location.”
The group also recommends a much stricter policy on the use of external data storage devices and the transfer of information to personal equipment, eliminating many of the incidents where data has been lost to thefts and carelessness.
“A serious cause for concern is that it is impossible to say whether local authorities operate a sufficiently robust data protection regime. This is an area of data protection that the Information Commission should strongly consider investigating more thoroughly. Without a power of compulsory audit, the ICO relies on voluntary disclosure and with such sensitive information at stake; this cannot be a satisfactory position,” said the group in its report.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…