UK bosses bitten by privacy watchdog - Data Security

The UK’s private and public sector bosses were yesterday accused of “frankly horrifying” breaches of people’s privacy.

Sounding what he said was a “wake-up call”, Richard Thomas, the Information Commissioner, restated he is considering new US-style powers to force outfits to report data leaks to those affected.

He also wants the all-clear to mount unannounced raids on organisations to check if they are respecting people’s personal details, as spelt out under the Data Protection Act.

It is expected, however, that the benefits of the new powers would have to be balanced against their likely cost, including alerting criminals to the value of unsecured confidential data.

They will be pitched to big business, like banks, retailers and organisations, as well as government and the public sector, as a way they can safeguard the risk of further eroding their customers' trust.

The call for fresh powers, to stem the rising tide of identity theft, comes at a time when consumer awareness that organisations must handle their personal data appropriately is now at a record high, the IOC said.

High-profile organisations such as TK Maxx, Orange and the Nationwide have been accused of security-sloppy procedures, earning the latter a fine of almost £1m, after a laptop was stolen.

“Over the last year we have seen far too many careless and inexcusable breaches of people’s personal information,” Mr Thomas said yesterday.

He asked: “How can laptops holding details of customer accounts be used away from the office without strong encryption?

“How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each others’ forms?

“How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured in non-confidential waste bags?”

Currently the Information Commissioner can only audit organisations’ information handling practices with their consent. He wants the right to inspect and audit practices where poor practice is suspected.

Mr Thomas said: “The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying.”