UK hit by 100 data breaches in six months

Nearly 100 leaks of sensitive personal information have been reported to the data protection watchdog in the last six months.

Organisations continue to lose sensitive personal data - despite high profile cases such as the HM Revenue & Customs (HMRC) data breach, and the Information Commissioner Office (ICO) has warned chief executives to protect staff and customers' personal information following an "alarming number" of security breaches reported to his office in the past six months.

Since the security breach at HMRC in November last year, the ICO said it has been notified of almost 100 data breaches by public, private and third sector organisations. The public sector accounted for 62 breaches and the private sector for 28.

silicon.com's Full Disclosure campaign - what we are asking for...

silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.

We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.

We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.

The ICO said half of the private sector breaches were reported by financial institutions. Of the public sector lapses, almost a third occurred in central government and a fifth in the NHS.

The breaches include unencrypted laptops going missing as well as computer discs, memory sticks and paper records. Information has been stolen, gone missing in the post and while in transit with a courier, and the ICO said the material includes a wide range of personal details, including financial and health records.

Richard Thomas, the Information Commissioner, said it was "particularly disappointing" the HMRC breaches have not prevented other security breaches from occurring, and said the government, banks and other organisations need to regain the public's trust by being far more careful with personal information.

"Once again I urge business and public sector leaders to make data protection a priority in their organisation," he said in a statement.

He said that while more CEOs appear to be taking data protection more seriously, more must be done to eradicate "inexcusable security breaches".

The ICO said in 16 of the cases it has required the organisation to make changes to procedure to improve data security, such as encryption. In three instances the lost information has been recovered.