Britain’s Information Minister Warns Of Data Security Risks
Posted on: Wednesday, 29 October 2008, 15:33 CDT
Britain’s Information Commissioner Richard Thomas said corporate managers must take more responsibility for data security, and not merely delegate the task to the firm’s IT staff.
Many bosses are not aware of the risks of storing personal data, and need to realize such data can become either an asset or a “toxic liability”, Thomas said.
He is currently investigating 30 "serious" data breaches by the government and other organizations. However, many data losses go unreported, with organizations often unaware they even took place.
"It's often said that personal data is an asset for an organization, we are saying it can be a toxic liability. There are many risks associated with holding information," said Thomas on BBC Radio 4's Today program.
"There has been too much sloppiness, too much lack of awareness, of the risks of holding information and we are saying, really this is a matter for the top board, the chief executive of an organization.”
"It's no good saying the IT boys are looking after this, it's no good saying the lawyers are sorting out the policies, it's no good saying human resources are doing the training - it's right across the organization.”
"Computing power is so strong these days that many bosses don't simply understand what are the risks they are facing."
Companies and other organizations should firm up their information security policies, encrypt laptops, increase supervision and utilize software that prevents large amounts of data from being downloaded "all at one time".
"Things will inevitably go wrong, therefore you should plan for things going wrong," he said.
"We are still long way from saying we have got a tighter grip on the management of personal data,” said Thomas, adding that progress was nevertheless being made.
In a presentation to Britain’s Royal Society of Arts in London, Thomas called on companies and other organizations to retain the least amount of data possible, and said tougher penalties should be enacted for any mishandling of data.
He also warned that developing vast databases of personal information would hold "significant risks" for Britain.
The British government has recently defended its proposal to form a mass database that would store for two years the records of every phone call, e-mail and text message sent in the UK.
But Thomas warns against storing such information.
"The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong," he said.
"The more you centralize data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.
"The more you lose the trust and confidence of customers and the public, the more your prosperity and standing will suffer.
"Put simply, holding huge collections of personal data brings significant risks."
Thomas’ speech comes amid new figures that show the amount of data losses are on the rise.
Indeed, roughly 100 incidents were reported to the Information Commissioner's office from November 2007 to May 2008. The year-to-date total for 2008 now stands at 277 data losses. The figures show that Britain’s National Health Service (NHS) is one of the worst offenders, reporting 65 total incidents, including 27 lost or stolen computers. However, then true number of such incidents is likely much larger since there is no legal obligation currently in place to report data losses.
In recent months a number of high-profile losses have occurred. An audit conducted by IT contractor EDS earlier this month discovered a computer hard drive holding the personal information of about 100,000 military personnel had been reported missing. And last year, a disc containing personal information and account details of up to 25 million people claiming child benefits was lost by HM Revenue and Customs.
Source: redOrbit Staff & Wire Reports
Related Articles
- Global Manpower Employment Outlook Survey Reveals Continued Weak Hiring Ahead But More Employers Are Saying They Will Hold On to Current Staff in the Third Quarter
- Survey Finds Employees Put Corporate Data and Security at Risk
- Palisade Systems Data Leak Device Finding Up to 100 Policy Violations During Initial Risk Assessments for Organizations Over Two Hour Period
- AT&T Announces New Voice and Data Services Contract With Republic Airways Holdings
- Data Storage Firm Apologizes for Loss of Railroad Data Tapes
- Nobel says bone loss claims not supported
- Bad-Air Report Came From Bad Data, Local Officials Say; AP Survey Put Two Area Neighborhoods on List
- Insurers Say Katrina Losses Worse than Expected
- Panel Says Risks Remain on Use of Pain Killers
- Testing for Hepatitis C Virus Infection Should Be Routine for Persons at Increased Risk for Infection
 |
 |
User Comments (0)
RSS Feeds