Organisations must stop bolting on data protection as an afterthought when deploying new information systems, the Information Commissioner's Office has warned.
Chief executives must understand the business risks involved in holding vast amounts of private information and ensure privacy concerns are clearly addressed, said Jonathon Bamford, assistant information commissioner.
Bramford also urged firms to install privacy-enhancing tools. His comments came before today's launch by the ICO of a report Privacy by Design aimed at helping companies to adopt new privacy techniques. The report, which was launched at the ICO’s conference in Manchester, highlights the need to ensure privacy is considered properly by organisations and from the start when they are developing new information systems.
Bamford said: "Organisations collect more and more personal information and many have invested in new technology to enable them to exploit our details more efficiently."
But companies should make sure "privacy solutions are hardwired in from the start, rather than added at a later stage", he said.
"No system is 100 percent secure, but organisations can mitigate the risks of data getting into the wrong hands by adopting privacy by design features and minimising the amount of data held."
"We are concerned that some organisations are still failing to realise the business risks associated with holding vast collections of personal data and we continue to urge organisations to minimise the amount of personal data they hold."
The responsibility rests with chief executives to protect personal information and avoid security breaches, he said.
The government is proposing to give the watchdog increased powers, including the ability to levy substantial fines for deliberate or reckless security breaches, under new proposals from the Ministry of Justice.