The UK has seen an "alarming number of security breaches" in the last six months involving public sector, private and charity organisations according to Information Commissioner Richard Thomas.
There have been 94 serious data breaches reported to the Information Commissioner’s Office (ICO) in the six months since HM Revenue and Customs lost two CDs containing 25 million records of child benefit recipients.
Public sector was the worst culprit, experiencing 62 breaches in the past six months. Almost a third of those occurred in Whitehall and its agencies, and a fifth happened in NHS trusts.
In the private sector, which had some 28 incidents, financial firms were responsible for half of security breaches. HSBC was one high profile culprit. Retailer Marks & Spencer was another. In January the Information Commissioner gave it two months to encrypt all its laptop hard drives. This followed the theft of an unencrypted laptop which contained the personal information of 26,000 M&S employees.
Thomas said it was "disappointing" that the HMRC breaches calamity had not stirred other bodies to prevent "unacceptable security breaches".
"The government, banks and other organisations need to regain the public's trust by being far more careful with people's personal information. Once again I urge business and public sector leaders to make data protection a priority in their organisation," Thomas said.
Information that has gone missing includes unencrypted laptops and computer discs, memory sticks and paper records. Data has been stolen, gone missing in the post and whilst in transit with a courier. The material that has been lost includes a wide range of personal details, including financial and health records.
In 16 cases the ICO has required the organisation to make procedural changes to improve data security, such as encryption. In three instances the lost information has been recovered.
The Commissioner's findings coincide with the release of the 2008 Information Security Breaches Survey, which was conducted by Price Waterhouse Coopers on behalf of the Department for Business Enterprise and Regulatory Reform.
The survey revealed that 78 percent of those surveyed reported having a laptop stolen where the data on hard drive was not encrypted while 13 percent had detected unauthorised outsiders within their network.
Andrew Beard, director of PricewaterhouseCoopers, said: "It's easy for companies to become complacent but they must consider their duty to protect users in the long term future."