InfoSec 2014: 17 Percent Of All Thefts In The UK Threaten Victim Privacy

Seventeen percent of all thefts in the UK involve digital devices which are likely to contain sensitive information, suggest numbers obtained by Freedom of Information (FoI) requests to the Information Commissioner’s Office (ICO) and regional Police forces in the UK by communications firm ViaSat.

The findings were presented at the InfoSec 2014 conference in London, where it was revealed that the number of data breaches reported to the ICO has increased by ten percent in 2104, but the the regulator is only half as likely to issue monetary fines as last year.

Data in the wrong hands

“If less than one percent of the devices stolen in burglaries or personal thefts contained any sensitive information, that is still a huge amount of potentially sensitive data in the wrong hands,” said Chris McIntosh, CEO of ViaSat UK.

“We can see from the ICO’s reported data breaches and fines that simple human error is behind the majority of data protection failures. Combined with the threat of sensitive personal information being on a stolen device, it’s clear that the need to protect personal information must be understood by everyone, from heads of security to housewives and husbands.”

For several years, ViaSat has been submitting Freedom of Information requests to the ICO to find out how well the public organisation does its job, with the results available just in time for InfoSec. This year, it added UK’s police forces to the mix.

Stolen Equipment

According to ViaSat, at least 162,932 items of computing and communications equipment were stolen across the UK in the 12 months leading up to February. These included desktops, laptops, tablets and smartphones, and represented 17 percent of all thefts.

Digital devices were stolen in 69 percent of all “thefts from a person” –muggings or pickpocketings – and 28 percent of all burglaries. Incidents like these can present additional risks, since more digitally-savvy criminals could use information on the device to gain access to the victim’s payment and personal details.

Meanwhile, the ICO has issued jut 12 penalties between March 2013 and February 2014, totalling £1,230,000 – quite a serious change from last year, when it fined organisations a total of £2,610,000.

“Whilst the number of identified breaches has risen slightly, the fall in total penalties could be due to a number of factors: for example, that fewer high-profile and high-severity breaches have been fully investigated by the ICO in the past year,” said McIntosh.

The health sector was responsible for the majority of self-reported breaches (37 percent), followed by local governments and education organisations.

Disclosure in error – for example, when information was sent to the wrong recipient – was the most common cause of self-reported breaches, responsible for 616 cases or 48 percent of the total. It was followed by lost or stolen paperwork (16 percent) and lost or stolen hardware (9 percent).

How well do you know network security? Try our quiz and find out!