ICO Expects More Security Breaches in Public & Private Companies
Following the disaster at HMRC, more cases have been reported in which departments of the central government have lost public information, Richard Thomas, the Information Commissioner, told the Commons Justice Committee on December 4, 2007. Vnunet reported this on December 5, 2007.
Many other public organizations reported loss of their data ever since the HM Revenue and Customs fiasco in which unencrypted discs holding database on 25 Million UK dwellers relating to child benefits went missing.
While speaking to the Commons Justice Committee, Thomas said that many private and public sector organizations complained that they thought a security problem existed. To this, Thomas said that he expected more of such breaches.
Thomas also said that the security breach at HMRC is the worst incident for Information Commissioner's Office and that it raised questions if security is intact with data sharing of unencrypted information in government departments.
The Commissioner then stressed on proper review of the government program of biometric identity cards, especially the scheme to update records on every use of a card.
However, Thomas admitted that maintaining the resultant huge database of records on every instance of swiping the card through a public terminal is clearly unattractive and could also entail greater risks.
Richard Thomas, the person responsible for freedom of collecting and disbursing information as well as protecting such information, asserted that there should be stronger inspection powers with the Information Commission, which it could use to visit government departments as also private companies for inspecting their data security systems without the need to take the company proprietor's permission. Guardian Unlimited reported this on December 4, 2007.
Managing Director Malcolm Etchells of Waterford Technologies, the vendor for e-mail monitoring, put his point by saying that the ICO should encourage organizations to do their best in adhering to PDA and execute best practices, instead of looking for more punitive authority. IT WEEK reported this on December 5, 2007.
Etchells added that the ICO should focus any spot inspection on organizations that deal with a lot of public data, like the telemarketing companies rather than on private enterprises that handle primarily employee data.
Related article: ICC Cup Event Could Be Fodder for Phishers
» SPAMfighter News - 19-12-2007