A rapid rise in losses from giant databases highlights the need for tougher sanctions to deter such security breaches, according to a privacy watchdog.
The UK’s Information Commissioner’s Office (ICO) is also calling on chief executives to take responsibility for the personal information their organisations hold.
The number of data breaches reported to the ICO has soared to 277 in the past year.
New figures, released today by the ICO, include 80 reported breaches by the private sector, 75 within the National Health Service and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector.
The ICO is investigating 30 of the most serious cases.
Richard Thomas, the Information Commissioner, said information can be a toxic liability and that accountability rests at the top.
He said CEOs must make sure their organisations have the right policies and procedures in place.
"It is alarming that despite high profile data losses, the threat of enforcement action, a plethora of reports on data handling and clear ICO guidance, the flow of data breaches and sloppy information handling continues," he said.
"We have already seen examples where data loss or abuse has led to fake credit card transactions, witnesses at risk of physical harm or intimidation, offenders at risk from vigilantes, fake applications for tax credits, falsified Land Registry records and mortgage fraud.
"Addresses of service personnel, police and prison officers and battered women have also been exposed. Sometimes lives may be at risk."
Describing these breaches as "serious and worrying", Thomas said this was especially so because personal information is now the lifeblood of government and business.
He said that as a result data protection has never been more important.
"It is time for the penny to drop. The more databases that are set up and the more information exchanged from one place to another, the greater the risk of things going wrong," he said.
"The more you centralise data collection, the greater the risk of multiple records going missing or wrong decisions about real people being made.
"The more you lose the trust and confidence of customers and the public, the more your prosperity and standing will suffer.
"Put simply, holding huge collections of personal data brings significant risks."
Earlier this year, the UK Parliament decided that the ICO should have the power to impose substantial penalties for deliberate or reckless breaches.
The ICO is working with the government to ensure this measure is implemented as soon as possible.
It hopes that the threat and reality of substantial penalties will concentrate minds and act as a real deterrent.
Comments