Watchdog highlights 'horrifying' security lapses

Summary: Information Commissioner's Office has called for stronger auditing and inspection powers following a range of security breaches in the past year

TOPICS: Security

The Information Commissioner's Office has criticised some of the UK's largest companies for a range of security breaches over the past year, calling the lapses in privacy "unacceptable".

Information commissioner Richard Thomas urged the companies' chief executive officers to raise their game. Orange, Barclays and NatWest were among those criticised for security and privacy breaches in the Information Commissioner's Office's (ICO) annual report for 2007, which was released on Wednesday.

"Over the last year, we have seen far too many careless and inexcusable breaches of people's personal information," said Thomas at the launch of the annual report in London. "The roll call of banks, retailers, government departments, public bodies and other organisations that have admitted serious security lapses is frankly horrifying."

"How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each other's forms? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured, in non-confidential waste bags?" Thomas asked.

Although the majority of organisations process personal information appropriately, privacy must be given more priority in every UK boardroom, according to Thomas. "Organisations that fail to process personal information in line with the principles of the Data Protection Act not only risk enforcement action by the ICO, they also risk losing the trust of their customers," he said.

The ICO also called for stronger audit and inspection powers. Currently the ICO can only audit organisations' information-handling practices with their consent. The information commissioner wants the right to inspect and audit organisations where poor practice is suspected.

The ICO received almost 24,000 enquiries and complaints concerning personal information in 2006/07, and prosecuted 16 individuals and organisations for data-protection transgressions.

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.
