Only 55 of the data loss breaches have actually been reported
If you can’t stop data breaches, at least cover them up! This seems to be the data security code British authorities go by. Too bad for them there is something called Freedom of Information Act requests… A new report issued by privacy campaign group Big Brother Watch showed that councils across the UK experienced over a thousand data loss cases over a three year period – August 2008 to August 2011.
To get the information, the group sent 433 FOIs to local authorities and councils across the Great Britain and showed s shocking discrepancy between the reported 50 something incidents and the harsh reality. Not only did BBW uncover the data mishandling cases, they also requested information on what happened to the employees of said councils – if they had been disciplined, fired or prosecuted over the data breaches -, and inquired about the council’s response to each incident.
According to the 395 replies received,
“We have uncovered more than 1,000 incidents across 132 local authorities, including at least 35 councils who have lost information about children and those in care,” said BBW in a statement accompanying its report (PDF). “Highly confidential information has been treated without the proper care and respect it deserves. At least 244 laptops and portable computers were lost, while a minimum of 98 memory sticks and more than 93 mobile devices went missing.”
Only 55 of the incidents were subsequently reported to the Information Commissioner’s Office, which handles data loss complaints. In only 9 cases, those involved in the data breach were fired.
“I welcome this research by Big Brother Watch,” local government minister Grant Shapps told the data protection advocates. “This reinforces the need for steps to protect the privacy of law-abiding local residents. Civil liberties are under threat from the abuse of town hall surveillance powers, municipal nosy parkers rummaging through household bins and town hall officials losing sensitive personal data on children in care.”
For a list of some of the most important data incidents included in the report, read the story published by the Register.