Government slammed by data breach reports
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
The MoD and HMRC are being called to account over two high-profile incidents of data loss
The MoD and HMRC have been hit with enforcement notices from the Information Commissioner’s Office (ICO), following the release of two damning reviews into major data breaches.
The HMRC lost a pair of discs containing personal and financial details of 25 million people under the Child Benefit scheme, while the MoD lost a laptop containing details of 600,000 people.
The departments will be fined if they fail to adopt the recommendations in the Poynter and Burton reports, into the HMRC and MoD respectively.
Information Commisioner Richard Thomas said while the major data-loss incidents had been well publicised, “It is deeply worrying that many other incidents have been reported, some involving even more sensitive data.”
HMRC claims already to have implemented 39 of the 45 recommendations contained in the Poynter report at a cost of £155 million; these include the appointment of a senior official to the post of ‘director of data security’ and ‘data guardians’ in each department, imposing a complete ban on the transfer of unencrypted bulk data to removable media, and disabling the download function on all laptops.
Chancellor Alistair Darling apologised “unreservedly” to the House of Commons over the incident: “It is quite clear the loss was entirely avoidable.”
The MoD has also accepted the 51 recommendations in the Burton report. Both government departments must provide annual progress reports for the next three years.
Meanwhile Justice Minister Michael Wills is calling for “data minimisation”, a model that would avoid “gigantic databases where anyone can go and search. I think the security implications of that are horrendous."
“There is a clear need for radical change in government in how we handle data. We don't handle data in the same way as we handle money, and I think we should,” he said.
Further reading
Data theft is a people issue It is important to understand the legal context for guarding against data theft, says Warren Wayne of law firm Bird & Bird.
Little faith in ID safeguards Internet banking and retailing could easily be sacrificed for identity protection.
Find more stories in the Security & Continuity Briefing Room
