In the year since HM Revenue and Customs lost the records of 25 million people, some 277 data breaches have been reported to the Information Commissioner's Office(ICO).
Information Commissioner Richard Thomas is set to give a speech at RSA Europe later today, where he is expected to slam the government's move to large databases and call for all organisations to minimise the personal data they hold.
Of the 277 reported to the ICO, just 80 were from the private sector, with the rest in the public sector. The NHS was responsible for 75, while central government reported 28 and local authorities reported 26. The remaining 47 were from other public sector bodies.
The ICO added it is investigating the 30 most serious cases.
Thomas said in a statement: "The number of breaches brought to our attention is serious and worrying. I recognise that some breaches are being discovered because of improved checks and audits as a welcome result of taking data security more seriously. More laptops have now been encrypted and thousands of staff have been trained. But the number of breaches notified to us must still be well short of the total."
That such breaches continue to occur in the face of previous high profile cases and the threat of enforcement is alarming, Thomas said, adding that data loss can leave individuals open to abuse, fraud and even physical harm.
"Addresses of service personnel, police and prison officers and battered women have also been exposed. Sometimes lives may be at risk," Thomas said.
Phil Booth, the national coordinator of lobby group NO2ID, said: "The snooping-obsessed government is losing more personal information than ever, because it has seized more than ever. You can't trust a stalker state."
The government has been criticised for creating a database state, and keeping too much information on citizens especially in the face of the soon-to-be launched national identity card.
The ICO renewed its call for stronger powers, saying it was working with the government to ensure moves to allow it to impose stricter penalties are implemented as soon as possible. However, Thomas remains sceptical about requiring organisations to report such breaches, believing each case requires a different response.
So far this year, the ICO has taken enforcement action generally a letter requiring changes to data processes at the risk of prosecution against Orange Personal Communications, HMRC, the Ministry of Defence, the Department of Health, Virgin Media, Skipton Financial Services, the Foreign and Commonwealth Office, and Carphone Warehouse.
-
The IT industry’s shift to circular, low-carbon solutionsMaximize your hardware investment and reach your sustainability goals with HP’s Renew Solutions
-
Lenovo ThinkPad X9 14 Aura Edition reviewReviews This thin and light ultraportable will draw you in with its vibrant screen – but it isn't as powerful as some of its competitors
-
New Zealand privacy commissioner tipped to become next ICO headNews John Edwards is said to be an 'anti-Facebook' regulator who would fit well in the UK's plans to clamp down on big tech
-
What is a freedom of information (FOI) request?In-depth We look at the mechanism citizens can use to hold public bodies to account
-
ICO hints at Facebook hypocrisy over data protection goalsNews Elizabeth Denham asks Facebook to drop appeal after CEO's call for greater internet regulation
-
ICO to investigate Google over GDPR violationsNews UK Watchdog to liaise with other European regulators over 'forced consent' push by the tech giant
-
ICO myth-busts on the flow of data post BrexitNews The Information Commissioner explains how data will move between the UK and EU in a no-deal scenario
-
Leave.EU faces big fine over data law breachesNews Information commissioner reveals Leave.EU was fined a total of £75,000 for “serious breaches”
-
ICO website knocked offline for more than 24 hoursNews The outage was caused by an “unprecedented electrical surge” that damaged its host’s circuits
-
Elizabeth Denham appointed ICO bossNews Denham will be tasked with helping the UK leave the EU without any knock-on effects on privacy
