Leaders of public sector bodies and chief executives of businesses are being told that they need to take the security of employees’ and customers’ personal information more seriously. The call comes from the Information Commissioner, who publishes his annual report today, and follows several security breaches over the last year.
Richard Thomas, the Commissioner, will say there have been too many careless and inexcusable lapses in dealing with personal information. “The roll call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying,” Mr. Thomas will tell his audience at the Design centre in London.
He will have special criticism for banks and will ask how any bank chief executive can face customers and shareholders and tell them that information on loan rejections, health insurance applications, credit cards and statements can be found unsecured and in waste bags. He will add, “Business and public sector leaders must take their data protection obligations more seriously. The majority of organisations process personal information appropriately – but privacy must be given more priority.”
Mr. Thomas believes public awareness of data protection rights has risen to an all-time high and more and more people understand that personal information has to be appropriately handled. To ensure this happens, he is calling for his office to be given stronger audit and inspection powers. Under present regulations the ICO can audit an organisations’ information handling practices only with their consent. The Commissioner now wants the right to inspect and audit where poor practice is suspected.
The annual report reveals that the ICO received almost 24,000 enquiries and complaints concerning personal information in the last year and that it has prosecuted 16 individuals and organisations. The figures show, too, that almost 6,000 complaints were received under the Freedom of Information Act. In almost a third of the cases that have been closed the Commissioner’s rulings upheld the initial decision by the public authority involved.