Personal Data Blunders in the Uk
In the past two years there have been numerous stories about personal information that has been trusted to government departments and public bodies going missing – whether it’s laptops going missing with sensitive information or entire databases being transferred onto a memory stick and sent through the post.
There have been over 160 ‘significant’ incidents reported to the Information Commissioners’ Office since November 2007. These incidents concern confidential data which has been misplaced by councils, central government and private businesses, and according to reports, every case could potentially lead to loss of personal information about thousands of people.
The Home Office Memory Stick ScandalIn January 2009, it was ruled that the Home Office had breached guidelines by allowing a contractor to download prisoner details onto a memory stick.The Data Protection Act states that organisations have a responsibility to ensure that any personal information they have on record is kept secure, but in August 2008, an employee of a private company left a memory stick which contained the names, addresses and also the expected release dates of 84,000 prisoners in an unlocked drawer. The memory stick then went missing, prompting an investigation and the termination of the contract with the private company. At the time, it had been feared that there would be a slew of compensation claims from prisoners or their families as a result, but this didn’t materialise.
The Home Office has been forced to sign a formal undertaking to improve its data protection policies.
Child Benefit Details Go MissingBack in November 2007, there was uproar when two computer discs which contained the personal details of every single family UK with a child under 16 went missing. The discs held information which included their names, addresses, dates of birth, National Insurance numbers and even their bank details – and the loss potentially affected 25 million people.
At the time, Chancellor Alistair Darling tried to calm the storm by saying that there was no evidence the data had fallen into the wrong hands – but at the same time warned people to keep an eye on their bank accounts.
The disappearance of the two discs sparked an investigation by the Metropolitan Police, and led to the appointment of a new chairman for the HMRC, when the chairman at the time of the breach, Paul Grey, resigned.
Tougher Rules Expected for Data ProtectionAs a result of these and other embarrassing breaches in data protection by government departments, in June 2008 it was announced that tougher rules would be introduced in all government departments.
The civil service chief Sir Gus O'Donnell called for a fundamental change in culture among staff who were responsible for handling this type of sensitive personal information, and that the changes that were being made included compulsory annual training and spot checks on data security to ensure that embarrassing and potentially damaging data losses would not be hitting the headlines again.
Unfortunately, by January 2009, things didn’t appear to have changed a great deal. Research by an online identity firm revealed that the policies in place at many government departments were still inadequate, after they sent 30 Freedom of Information requests, covering major government departments and offices.
Only three departments from the 30 they contacted could confirm that had put into place the required Data Protection Act correction policies, and only the Driver and Vehicle Licensing Agency (DVLA) and Department for Transport, have had independent audits to show their compliance. Are they taking your data protection seriously enough?