Page last updated at 09:44 GMT, Wednesday, 29 October 2008

Bosses 'ignore toxic data risk'

A woman using a mobile phone
Ministers are proposing to keep details of all phone calls in a giant database

Bosses must stop leaving data security to the "IT boys" and other staff and take responsibility themselves, the UK's information watchdog has said.

Many did not understand the risks of storing personal data, said Information Commissioner Richard Thomas.

They had to realise that it could be a "toxic liability" as well as an asset to an organisation, he added.

Mr Thomas is currently investigating 30 "serious" breaches of data protection law by the government and other bodies.

But he said a lot of data losses went unreported and some organisations were not even aware that it had gone missing.

Tighter policies

"It's often said that personal data is an asset for an organisation, we are saying it can be a toxic liability. There are many risks associated with holding information," he told BBC Radio 4's Today programme.

"There has been too much sloppiness, too much lack of awareness, of the risks of holding information and we are saying, really this is a matter for the top board, the chief executive of an organisation.

Holding huge collections of personal data brings significant risks
Richard Thomas
Information Commissioner

"It's no good saying the IT boys are looking after this, it's no good saying the lawyers are sorting out the policies, it's no good saying human resources are doing the training - it's right across the organisation.

"Computing power is so strong these days that many bosses don't simply understand what are the risks they are facing."

He said organisations should tighten up their policies, encrypt laptops, improve supervision and buy software that prevented large amounts of data can not be downloaded "all at one time".

"Things will inevitably go wrong, therefore you should plan for things going wrong," he told Today.

Giant databases

He said progress was being made but added: "We are still long way from saying we have got a tighter grip on the management of personal data."

In a speech later at the Royal Society of Arts in London, Mr Thomas will urge companies and other organisations to hold the least amount of data possible and warn they should face tougher penalties when any is mishandled.

He will also warn that creating giant databases of personal information would carry "significant risks" for the UK.

The government has recently defended a proposal to create a huge database recording all internet and telephone traffic.

Opposition parties have criticised the plan which could see details of every phone call, e-mail and text message sent in the UK recorded and kept for two years.

'Lose trust'

"The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong," he will say.

"The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.

"The more you lose the trust and confidence of customers and the public, the more your prosperity and standing will suffer.

"Put simply, holding huge collections of personal data brings significant risks."

The speech will come as new figures show that reports of data loss are increasing.

About 100 incidents were reported to the commissioner's office in the six months from November last year. The total for the year to date is 277.

The NHS is one of the worst offenders, reporting 65 incidents in total, including 27 computers lost or stolen.

However, the real figures are likely to be much higher, because there is currently no legal obligation to report data losses.

There have been a string of high-profile data losses in recent months.

Earlier this month, a computer hard drive containing the personal details of about 100,000 members of the armed forces was reported missing during an audit carried out by IT contractor EDS.

And last year, HM Revenue and Customs lost a disc containing the names, addressees, dates of birth and bank account details of up to 25 million people claiming child benefit.




SEE ALSO
Hoon defends giant database plans
17 Oct 08 |  UK Politics
'60,000' devices are left in cabs
18 Sep 08 |  Technology
Firm 'broke rules' over data loss
22 Aug 08 |  UK Politics
'No decision' on giant database
17 Jul 08 |  UK Politics

RELATED INTERNET LINKS
The BBC is not responsible for the content of external internet sites


FEATURES, VIEWS, ANALYSIS
Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit

BBC navigation

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.

Americas Africa Europe Middle East South Asia Asia Pacific