Following "unacceptable privacy breaches", Information Commissioner Office (ICO) has called on UK chief executives to take data security of employees’ and customers’ information more seriously.
Information Commissioner Richard Thomas described the list of banks, retailers, government departments, public bodies and other organisations that have admitted serious security lapses as "frankly horrifying".
Thomas, who will launch his annual report in London today, said: "Business and public sector leaders must take their data protection obligations more seriously. The majority of organisations process personal information appropriately – but privacy must be given more priority in every UK boardroom. Organisations that fail to process personal information in line with the Principles of the Data Protection Act not only risk enforcement action by the ICO, they also risk losing the trust of their customers."
"How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each others’ forms? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured in non-confidential waste bags?" he asked.
Last month, the Commissioner called for stronger audit and inspection powers to allow his office to carry out impromptu inspections and audits. Currently the ICO can only audit organisations’ information handling practices with their consent. The Commissioner wants the right to inspect and audit practices where poor practice is suspected.
The Information Commissioner’s annual report highlights that the ICO received almost 24,000 enquiries and complaints concerning personal information from 2006 to 2007. The ICO said it has prosecuted 16 individuals and organisations in the last 12 months and two parliamentary inquiries have started following the Commissioner’s call for a debate on the UK’s ‘surveillance society’.