Burglaries and theft account for third of data breaches

hand out of computer

Burglaries and theft are the the biggest risks when it comes to businesses losing information, accounting for a third of data breaches, according to the Information Commissioner's Office (ICO).

The ICO said that theft accounted for 231 of the 711 security breaches that have occurred since the infamous loss of 24 million child benefit records two years ago.

More than 200 private sector firms and 209 NHS bodies have reported breaches to the ICO. This is worrying, as the ICO said that the NHS usually held the most sensitive personal data, such as health records.

In a statement, deputy information commissioner David Smith said that while the majority of organisations got data protection right, a significant minority failed to take security seriously enough.

"Unacceptable amounts of data are being stolen, lost in transit or mislaid by staff," he said. "Far too much personal data is being unnecessarily downloaded from secure servers onto unencrypted laptops, USB sticks, and other portable media."

Currently the ICO can serve organisations with enforcement notices, and force chief executives to sign formal undertakings' to improve security.

However, in 2010 new powers are scheduled to come into force that will allow the ICO to fine organisations, where there is evidence of a reckless or deliberate' data breach.

The Ministry of Justice is currently deciding on how much these fines will be, while the ICO is working towards better compliance with the Data Protection Act.

The upcoming Coroners and Justice Bill should also give the ICO formal inspection powers across government.

"People's data has a value. If you had 10,000 you are unlikely to leave it in the boot of your car; you would put in a safe or deposit it in a bank," said Mick Gorrill, ICO assistant commissioner, in a statement.

"In the same way, people's national insurance numbers, health records and bank details are valuable assets and organisations must take adequate steps to protect personal data."