Breaking finance and business news, tax information, jobs and more for finance directors and senior finance professionals.

The Information Commissioner, Richard Thomas, has reminded chief executives of the vital importance of protecting staff and customers’ personal information.

Financial institutions 

Since the security breach at HM Revenue and Customs in November last year, the Information Commissioner’s Office (ICO) has been notified of almost 100 data breaches by public, private and third sector organisations.

Fifty per cent of the security breaches that the ICO has been made aware of by private sector organisations were reported by financial institutions.

Of those reported by public bodies, almost a third occurred in central government and associated agencies and a fifth in NHS organisations.

Richard Thomas, Information Commissioner, called it particularly disappointing that the HM Revenue & Customs breaches have not prevented other unacceptable security breaches from occurring.

He warned that the government, banks and other organisations need to regain the public’s trust by being far more careful with people’s personal information.

Data protection taken more seriously 

Thomas said that the level of understanding about data protection and the need to safeguard people’s personal information had undoubtedly increased.

“I am encouraged that more chief executives and permanent secretaries appear to be taking data protection more seriously, but the evidence shows that more must be done to eradicate inexcusable security breaches,” he added.

Information that has gone missing includes unencrypted laptops and computer discs, memory sticks and paper records.

Information has been stolen, gone missing in the post and whilst in transit with a courier. The material includes a wide range of personal details, including financial and health records. The ICO is investigating the circumstances of the breaches.

Procedural changes 

In 16 cases the ICO has required the organisation to make procedural changes to improve data security, such as encryption. In three instances the lost information has been recovered.

The ICO encourages organisations to report data breaches and can advise on dealing with breaches and notifying affected customers.

The ICO has recently published new guidance for organisations on how to deal with security breaches.

Related articles

• HSBC loses data on 370,000 customers
• Public sector more computer compliant than private sector peers
• Boards careless about IT governance
• Only half of TMT firms disclose data losses
• FSA fines Norwich Union £1.26m over data losses
• Executive lack data policy ownership
• New data losses at DVLA and building society
• HMRC loses 25 million personal records

Related links 

• Information Commissioner's Office