Business warning over data security

It's a matter of consumer confidence, says ICO...

It's a matter of consumer confidence, says ICO...

In the wake of the HMRC data debacle, organisations must act to safeguard public confidence in data gathering - and that means considering the impact of new IT systems and technologies on individuals' privacy, says data watchdog the Information Commissioner's Office (ICO).

Speaking at a conference on the surveillance society, David Smith, deputy commissioner at the ICO, described the HMRC breach as a watershed and called on organisations to implement new safeguards to protect individuals' privacy. This means considering the impact of new IT systems before they are developed, he said.

Smith said in a statement: "It is essential that before introducing new systems and technologies, which could accelerate the growth of a surveillance society, full consideration is given to the impact on individuals and that safeguards are in place to minimise intrusion."

Security A to Z

From antivirus to zero-day, click here for's alphabetical guide to security.

The watchdog is calling for organisations to conduct 'privacy impact assessments' to identify potential risks to privacy and find ways of minimising them. This will help boost public confidence in data collection, said Smith. To this end, the ICO has launched a set of privacy risk management guidelines for organisations.

Public confidence in data security has been sorely tested by a series of high profile data breach incidents in both the public and private sector over the past few years, including the loss of 25 million child benefit records by HMRC last month and the theft by hackers of 45 million customer records from retailer TJX in 2005 and 2006.'s Full Disclosure campaign has been calling on the government to review its data breach legislation and improve the reporting of information security breaches in the public and private sectors in order to bolster public confidence.

This week Downing Street responded to our Full Disclosure e-petition, saying organisations will get guidance from the ICO on notifying their customers of a security breach.