Public sector organisations are behind a dramatic tenfold increase in the number of data breach incidents reported to the UK Information Commissioner (ICO), storage firm Imation has found.
Using figures obtained under Freedom of Information (FoI), the company uncovered an overall 1,014 percent rise in reported breaches since 2007 across eight industry sectors logged by the ICO.
This included a 1,609 percent increase in incidents reported by local government, a 935 percent rise in the NHS, and a 132 percent rise in central government. “Other” public sector organisations – a catch-all category for organisations that fall outside these headings – showed a 1,380 percent rise.
For comparison, the private sector as a whole showed a 1,159 percent rise with only one sector, telecoms, doing well enough to record no breaches in the most recent period.
The percentages also add up to a concerning number of cases in absolute terms; between November 2007 and November 2008, local government reported 11 data breach incidents, a figure that had grown to 188 by 2012.
The total number of incidents reported to the ICO in 2011/12 stands at 821, Imation said.
“More alarming is the consistent year-on-year increase in data breaches since 2007,” said Nick Banks of Imation Mobile security. “The figures obtained from the ICO by Imation seem to show that increasing financial penalties have had little effect on the amount of data breaches each year,” he said.
The ICO figures aren't surprising or even particularly new; the heady rise in data breach reports is similar across the developed world, driven at least in part by a greater motivation to report what might once have been ignored or covered up.
This could be the key issue – is the need to report breaches and risk a fine feeding back into better security?
“Organisations must take responsibility for preventing breaches, and with so much available technology there really is no excuse for failing to adequately protect data,” said Banks.
Over time, the ICO has started to get tougher, with the number of fines growing. One analysis claimed that the ICO was more likely to fine public sector organisations than private ones, but comparisons are hard to make because of differences in the type of data held.