Categories: Security

FoI Requests Show Businesses Are Vastly Under-Reporting Stolen Devices To The ICO

Just one tenth of all devices stolen form businesses containing sensitive information are being reported to the Information Commissioner’s Office (ICO).

According to Freedom of Information (FoI) requests submitted by security firm ViaSat UK, 13,079 such devices were reported to police between March 2014 and March 2015, but the ICO reported just 1,089 data breaches.

The actual number is certainly higher given that only 34 of the 46 UK police forces responded to the requests and just 31 were able to provide detailed information.

Data loss landscape

Given the majority of breaches reported by the ICO relate to the public sector, this vast underreporting by the private sector means the scale of data loss in the UK is likely to be far worse than previously thought. ViaSat UK has called for the ICO to receive greater powers to protect the privacy of individuals.

“It’s clear that this discrepancy isn’t due to the ICO but the framework it has to operate in. As it stands, the ICO simply doesn’t have the tools and powers it needs to ensure that either all threats are reported, or that risk is minimised,” said Chris McIntosh, CEO of ViaSat UK.

“For instance, encrypting sensitive data is now a trivial matter in terms of both cost and complexity. If encryption of personal data was made mandatory, and enforced with spot checks and suitable punishments, then the public and the ICO could have much greater confidence that none of the 13,000-plus stolen devices represent a threat.

ICO powers

“The ICO’s role is to encourage best practice in data protection. While it is clear that its financial penalties are aimed at this goal, it still needs more legal and financial muscle to drive its goals. While compulsory reporting of every single potential breach could be difficult to enforce, inevitably it would give the ICO a clearer view of the problem and allow it to better mandate best practice.

“However, in the meantime compulsory encryption, and the power to police it, is the absolute minimum that the ICO should be granted.”

The ICO itself has requested greater powers and funding in the past. It claims its role as an independent regulator is becoming more important as the number of complaints it receives rises.

“We’re effective, efficient and busier than ever,” said information commissioner Christopher Graham last year. “But to do our job properly, to represent people properly, we need stronger powers, more sustainable funding and a clearer guarantee of independence.”

What do you know about ICO and its counterparts? Take our quiz!

Steve McCaskill

Steve McCaskill is editor of TechWeekEurope and ChannelBiz. He joined as a reporter in 2011 and covers all areas of IT, with a particular interest in telecommunications, mobile and networking, along with sports technology.

Recent Posts

Microsoft Executive Indicates Departmental Hiring Slowdown

Amid concern at the state of the global economy, a senior Microsoft executive tells staff…

2 days ago

Shareholders Sue Twitter, Elon Musk For Stock ‘Manipulation’

Disgruntled shareholders are now suing both Twitter and Elon Musk, over volatile share price swings…

2 days ago

Google Faces Second UK Probe Over Ad Practices

UK's competition watchdog launches second investigation of Google's ad tech practices, and whether it may…

2 days ago

Elon Musk Raises His Contribution To Twitter Acquisition

But one of Elon Musk's biggest backers on the Twitter board has tendered his resignation…

2 days ago

Broadcom Confirms VMware Acquisition For $61 Billion

Entry into cloud infrastructure software for US chip firm Broadcom after it confirms reports it…

3 days ago