The UK has seen an "alarming number of security breaches" in the last six months involving public sector, private and charity organisations according to Information Commissioner Richard Thomas.
There have been 94 serious data breaches reported to the Information Commissioner’s Office (ICO) in the six months since HM Revenue and Customs lost two CDs containing 25 million records of child benefit recipients.
The public sector was the worst culprit, experiencing 62 breaches in the past six months. Almost a third of those occurred in Whitehall and its agencies, and a fifth happened in NHS trusts.
In the private sector, which had some 28 incidents, financial firms were responsible for half of security breaches. HSBC was one high profile culprit. Retailer Marks & Spencer was another. In January the Information Commissioner gave it two months to encrypt all its laptop hard drives. This followed the theft of an unencrypted laptop which contained the personal information of 26,000 M&S employees.
Thomas said it was "disappointing" that the HMRC breaches calamity had not stirred other bodies to prevent "unacceptable security breaches".
"Government, banks and other organisations need to regain the public’s trust by being far more careful with people’s personal information," he said.
Information that has gone missing includes unencrypted laptops and computer discs, memory sticks and paper records. Data has been stolen, gone missing in the post and whilst in transit with a courier. The material that has been lost includes a wide range of personal details, including financial and health records.
In 16 cases the ICO has required the organisation to make procedural changes to improve data security, such as encryption. In three instances the lost information has been recovered.