Thomas tells CEOs told to sort out data protection

Information Commissioner Richard Thomas called on CEOs to take more responsibility for data security within their organisation - at the same time as he released figures showing that government is still the worst offender for losing personal data.

Since November 2007 the ICO has received 277 notifications of breaches - 80 from the private sector, 75 from the NHS, 28 from central government, 26 from local government bodies and 47 from the rest of the public sector. This compares to about 200 in the preceding 12 months.

The regulator is still investigating 30 of the most serious breaches.

Thomas accepts that the number of breaches must be well short of the real total, either because organisations are covering up losses or because they do not realise information has been lost. He warned that ever cheaper storage technology meant more risk of losses. He is doubtful that a law to force companies and government departments to notify individuals when their data has been lost.

Thomas said there were three aspects to good data protection:

• Clear thinking and paperwork

  Getting the technology right

  Focussing on people and technology

The ICO is still waiting for new inspection powers it requested after the loss of the Child Benefit database.

The full text of the speech, to be delivered at the RSA conference, is here (pdf.).

Perhaps Thomas should swing by Whitehall on his way.

It was also revealed yesterday in a Commons written answer that seven civil servants were dismissed from the Identity and Passport Service in 2007-2008 and eight people were disciplined for breaching data protection principles. Full figures here.®