Over more than 1000 data losses for the NHS. This is a new record.
Of which alone 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.

The Information Commissioner’s Office has warned organisations that they need to minimise the risk of mistakes, as the amount of losses reported tops 1,000.

The ICO claimed that staff need simple procedures on how to handle personal information with appropriate training to ensure the importance of securing it is fully understood. It also said that it is essential that the protection of people’s personal information is part of organisations’ culture and DNA.

An ICO report revealed that 254 breaches were as a result of information being disclosed in error, 307 were as a result of stolen data or hardware and 233 due to lost data or hardware.

A further 83 were due to a technical or procedural failure and 59 were lost in transit. A breakdown of companies revealed 305 incidents were recorded by the NHS, 288 in the private sector and 132 by local government. Only 81 incidents were the result of central government.

David Smith, deputy commissioner at the ICO, said: “We all know that mistakes can happen but, the fact is that human error is behind a high proportion of security breaches that have been reported to us. Extra vigilance is required so that people’s personal information does not end up in the wrong hands.

“Organisations should have clear security and disclosure procedures that staff can understand, properly implement these and ensure that they are being followed by staff. Staff must be adequately trained not just in the value of personal information, but in how to protect it.

“We are keen to work with organisations to prevent breaches happening in the first place and to help ensure that things are put right when they do go wrong.”

Source and full article: SC Magazine

When one thinks of institutions like the British Ministry of Defense, one expects tight security. Tight as in you cross us once, we expect you not to cross us twice. Apparently, things go another way, as the MoD, quoted by V3.co.uk, says the number of data breaches they have been exposed to was 4 times higher in the past year.

The Ministry’s  latest resource accounts show it suffered eight serious breaches in the 2008 to 2009 period, up from just two in the preceding year.  The most serious case lead to the loss of a portable hard disk from a contractor’s premises containing the names, passport information and bank account details of about 1.7 million individuals. That’s a big blow!

Other incidents included the theft of three USB sticks from “secure government premises”, which contained details of all RAF service personnel who served between 2002 to 2008 and some of their next of kin.

And in April last year, an unencrypted laptop was stolen from government premises containing the personal records of 300 people.

The MoD admitted that it had lost electronic equipment, devices or paper documents from outside government premises on 15 occasions, and in six instances they were lost from within government offices.

We’d say it’s about time they actually did something to prevent such breaches! A private company would have probably done so 8 breaches sooner…But then again, it’s public funds, isn’t it?

Although the numbers of data breaches reported in the UK has been significant this year, the UK Government has recently announced it will not implement a compulsory data breach notification law for the private-sector companies. The decision was made after reviewing a recommendation made in July by information commissioner Richard Thomas.

On the other hand public-sector organizations are obligated to report any significant potential or actual data loss. Their private-sector counterparts should report the losses in the spirit of “good business practice”. So if your data is exposed by a public-sector institution and only 2 others have been affected, or if a private company looses thousands of private record but does not see reporting the incident as good practice, you will never find out.

“After considering the analysis of the experience of the US in the area of data-breach notification legislation, the government is not intending to implement similar legislation to that in operation in the US,” states the Response to the Data Sharing Review Report.

Private-sector companies are not clear of all consequences, as fines for organizations found in breach of data-protection laws will soon be raised. According to the same report, The Ministry of Justice is working with the Information Commissioner’s Office to determine the level of the maximum fine.

If you are British and have been plotting to stalk a member of the British National Party (BNP) you might just have missed the opportunity. A list with all the party’s members, including names, addresses, and email addresses has recently shown up online. Some of those who just got exposed online are also underage (an extra “benefit” of the family plan BNP offers) and others had mentions of other personal details made public, such as job or hobbies.

As the Register puts it, “That’s how we know that that BNP members include receptionists, district nurses, amateur historians, pagans, line dancers and a male witch.” Members reacted pretty strongly, filing their comments with courses and outrage. As certain professions in the UK are expected to have no political color, they might even lose their job and according to several blog sources, some pretty powerful people in the BNP are to blame for the leak.

BNP spokespersons found out of the leak from the Register, but although completely unaware, they promised to treat whoever is responsible quite harshly!