Digital Rights Ireland

UK security breaches – Irish situation is no better

The Data Protection Commissioner has said that the recent UK security breach could just as easily happen in Ireland and that public bodies have ignored years of warnings about data security:

Data Protection Commissioner Billy Hawkes has issued a stark warning about the dangers of Irish public bodies suffering the same embarrassment as their counterparts in the UK, where disks containing the personal data of 25 million people have gone missing.

Mr Hawkes said he had serious concerns about the levels of data security in some public bodies that handle large amounts of information about citizens. He hoped the breach of data security in the UK would be a “wake-up call” for Ministers and for Irish bodies that need to improve their standards.

Warning of the dangers of individuals in public-sector bodies leaking private information, Mr Hawkes pointed out that there was clear evidence of this happening in the Department of Social and Family Affairs, where information about people had been passed to insurance companies. For this reason, the department’s data protection procedures were currently being audited. “We’ve been warning for years about the danger of information about us previously held in silos in the public sector being brought together in centralised databases and accessible to large numbers of public servants,” Mr Hawkes told RTÉ Radio’s News at One programme…

The situation in Britain should be of concern to everyone in Ireland, he continued, because similar amounts of information were held in government departments here. He stressed the need for organisations to keep their IT systems up to date and to encrypt sensitive data. In addition, it was important that employees were trained in security protocols and that those guarding personal information realised they had an “absolute duty” to keep it secret.

Asked if he was satisfied with the safeguards in place, Mr Hawkes replied: “I’m not at all satisfied. I have serious doubts about the quality of data security in some of the major agencies which have leaked data here. That’s why we’re auditing them.” [emphasis added]

2 comments November 22nd, 2007

UK security breach shows why data retention must be stopped

From the Irish Times:

Britain’s prime minister Gordon Brown and chancellor Alistair Darling were left reeling last night after the astonishing disclosure that the personal data of 25 million people and 7.25 million families across the UK has been lost.

The Metropolitan Police are now leading the search for two disks containing details of the UK’s entire child benefits database. The data was downloaded in breach of all standing procedures by junior officials at HM Revenue and Customs (HMRC) and then sent to the National Audit Office via an internal postal system that was not recorded or registered….

The data contains names and addresses of parents and children, national insurance and child benefit numbers and, in some cases, bank or building society details.

How long will it be before the giant databases created by data retention laws are compromised? Governments worldwide, and the Irish Government in particular, have shown that they cannot be trusted with the information they already have. Now is not the time to create even more databases.

This case also highlights the importance of our call for a right to be warned when your personal data is exposed. Under Irish law as it stands there is no obligation on the State – or anybody else – to warn you when they have allowed your personal information to be compromised. The first you may know about it is when you feel the effects of identity theft. But by then it will be too late.

Add comment November 21st, 2007