The UK Information Commissioner, Richard Thomas, has revealed what he describes as an "inexcusable number" of data security breaches in the UK since the revelation last year that Customs and Excise had lost the personal details of some 25 million people, thereby exposing them to identity fraud.
Mr Thomas said that he had been notified of 94 individual security lapses since November, with two-thirds of these coming from the public sector. Of the remaining third, half came from financial institutions.
"It is particularly disappointing that the HMRC breaches have not prevented other unacceptable security breaches from occurring," Thomas said.
"The government, banks and other organisations need to regain the public's trust by being far more careful with people's personal information," he added.
PM ordered review
Prime Minister Gordon Brown ordered a review after the Customs and Excise debacle was revealed. The results and recommendations of this review are to be announced by the Cabinet Secretary, Gus O'Donnell, in the coming weeks.
According to The Times, the Information Commissioner has already seen a draft of the review and has indicated that it will recommend that heads of departments are held directly accountable for any breaches in the future.
The message seems to be that chief executives will no longer be able to entrust security to "techies" and absolve themselves of all blame if things go missing.
Information wants to be free
Interestingly, Mr Thomas also asked why so much information was being collected by Government departments in the first place, and why it was being kept for so long in unencrypted form on easy-to-steal laptops:
"We need to ask a whole range of questions, such as why so much information is being collected. Why is it being retained for so long? Why are laptops which hold the information not being encrypted? And why are such laptops being left in the backs of cars?" he said.
Call us jaded and cynical if you like, but we fear the review's recommendations will amount to little more than yet another case of the Government trying its hardest to be seen to be sorting things out, rather than actually sorting them out.
Merely shifting the blame isn’t necessarily going to make people’s personal data more secure. Securely archiving or even destroying such data when its purpose has been fulfilled would be an infinitely more secure option. Of course, given the present government’s obsession with surveillance and record-keeping, that’s pretty much a non-starter.