Banks, shops and government departments have exposed thousands in Britain to the risk of fraud through "horrifying" breaches of data protection laws, a watchdog said on Wednesday.
In his annual report, Information Commissioner Richard Thomas, whose office enforces the Data Protection Act, said firms must do more to secure people's private details.
"The roll-call of banks, retailers, government departments, public bodies and other organisations which have admitted serious security lapses is frankly horrifying," he said in the report.
— Privacy watchdog warns of "horrifying" breaches, The Scotsman, Reuters, 11 July 2007
He's not talking terrorism, so we can hope this is not just more FUD.
And it's not: he supplied a number of examples. My favorite is:
- A job application Web site for junior doctors was dogged by a catalogue of security breaches that allowed access to other people's personal details.
What is to be done? Well, what about breach discovery in the UK:
The National Consumer Council believes it should be mandatory for businesses to warn people if sensitive personal information is compromised.
— Call for more ID theft protection, By Chris A'Court, BBC Radio 4's Money Box, 29 August 2006
Unfortunately, Thomas is not for it:
He would like to encourage organisations to notify security breaches as "good practice" but said whether to make that a legal requirement needs a greater debate which has not yet started.
Any changes to the Data Protection Act would come via Parliament.
That would be the same Parliament that appears to have exempted itself from the British Freedom of Information (FOI) Act, so don't hold your breath.