Another spate of data breaches
Posted in 'Identity Theft' by Ian Carpenter
17 May 2012
There has been a range of high profile data losses over the last few weeks, including the London Marathon, a Welsh health board and Toshiba among many others.
The Information Commissioner’s Office (ICO) – the regulatory body that deals with breaches of the Data Protection Act – is now coming down heavily on those organisations that lose personal data. Following years of numerous breaches across the UK, the NHS incurred its first fine this month, when , as reported previously, the Aneurin Bevan Health Board was issued with a penalty of £70,000 after releasing highly sensitive patient information to the wrong person. The punishment follows hot on the heels of similar fines dished out to Lancashire Police (£70,000) and Midlothian Council (£140,000) in recent months. It’ll be interesting to see if future fines are in multiples of £70,000 – or perhaps the trend is simply coincidental.
The ICO is dealing with the organisations retrospectively as well as ensuring on going improvement in their handling of personal data, by seeking, where it does not levy fines, an undertaking that procedures will be tightened up to comply with data protection law.
The sheer number and scale of data breaches over the past few years in the UK are now such that no-one can have been unaffected in some way or another. Those where more than a million persons were affected by a data breach included Monster Jobs (45m), HM Revenue & Customs (25m), the Government Gateway (12m), Nationwide Building Society (11m), Various NHS Trusts (more than 10m), Ladbrokes (4.5m), Driving Standards Agency (3m) and Cattles Group (1.4m). And that’s where the number of individuals affected is known, many data breaches fail to disclose the extent of the issue.
When you consider that the £70,000 fine applied to Aneurin Bevan Health Board related to the disclosure of just one person’s details, it beggars belief that HMRC, the Government Gateway and other NHS Trusts have received only a slap on the wrist.
What this means for you as an individual is to underline the importance of ensuring that your own habits do not need leave you more susceptible to identity fraud. The chances of your personal information being used fraudulently as a result of a corporate data loss are slim, despite this litany of data disasters, but the ICO has recently warned that many people are now becoming a ‘soft touch’ for online fraudsters, so tightening up on personal security is now an absolute must.
Ian Carpenter is the Operations Manager of checkmyfile, has a degree in Business Studies and is a Graduate Member of the Institute of Credit Management
More Articles by Ian Carpenter