U.K. commissioner blames CEOs for data breaches

The United Kingdom's information commissioner is calling on chief executives to take the security of customer and staff information more seriously.

"The roll call of banks, retailers, government departments, public bodies and other organizations which have admitted serious security lapses is frankly horrifying," Richard Thomas wrote in a report. "How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store card transactions fall into the wrong hands?"

The Information Commissioner's Office (ICO) received almost 24,000 inquiries and complaints concerning personal information, and it prosecuted 16 individuals and organizations in the past 12 months, according to its annual report for 2006 and 2007.

"Be sure you are not the business or political leader who failed to take information rights seriously."

--Richard Thomas, information commissioner, United Kingdom

"My message to those at the top of organizations is to respect the privacy of individuals and the integrity of the information held about them, to embrace data protection positively, and to be sure you are not the business or political leader who failed to take information rights seriously," Thomas said.

The ICO received complaints under both the Data Protection Act and the Freedom of Information Act.

More than half of Data Protection Act cases required the ICO to simply provide advice and guidance, while a breach was likely to have happened in more than a third of cases, of which a further 77 percent resulted in remedial actions such as correcting an individual's record or training staff.

The ICO received almost 6,000 complaints under the Freedom of Information Act and has closed more than three-fourths of those.

Public awareness of data protection rights has increased to 82 percent, with more people understanding that personal information must be handled appropriately, according to the report.

The information commissioner's plea follows a number of security breaches over the last year, including 12 U.K. banks found to be in breach of the Data Protection Act, following complaints about the disposal of customer information.

U.K. bank Barclays is facing an ICO investigation over allegations of customer privacy breaches, and telecommunications provider Orange and retailer Littlewoods were also found to be in breach of the Data Protection Act by the ICO this year.

Gemma Simpson of Silicon.com reported from London.

[wbenton]

Holding them responsible is one thing

Giving them the power to implement what they're being held responsible for is totally another problem, but part of the current problem as well!

Walt