Surge in data security breaches by private companies
The number of data security breaches by private companies has risen by 58% over the last year, according to figures released by the Information Commissioner’s Office (ICO).
This is in spite of the fact that three quarters of businesses surveyed understand that the Data Protection Act (DPA) obliges them to keep personal information secure – that’s up 26% compared with last year.
Companies face a fine of up to £500,000 for serious breaches of the DPA.
The ICO said recent examples of breaches of the DPA included a housing group sending personal details about 200 employees to the wrong email address, and a local council which accidentally published a spread sheet containing the names, salaries and dates of birth of 900 current and former employees.
The survey also revealed that public confidence in the system has fallen with less than half of the people questioned believing that organisations process data in a fair and proper manner.
The Information Commissioner, Christopher Graham, said: “I’m encouraged that the private sector is waking up to its data protection responsibilities, with unprompted awareness of the Act’s principles higher than ever. However, the sector does not seem to be putting its knowledge to good use.
“The fact is that security breaches in the private sector are on the rise, and public confidence in good information handling is declining. Businesses seem to know what they need to do – now they just need to get on with doing it.
“It’s not just the threat of a £500,000 fine that should provide the incentive. Companies need to consider the damage that can be done to a brand’s reputation when data is not handled properly. Customers will turn away from brands that let them down.”
The ICO points out that anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept for longer than is necessary
- Processed in line with your rights
- Not transferred to other countries without adequate protection
Please contact us if you would like more information about the issues raised in this article.