Thousands of lost and stolen devices are under-reported to data privacy monitoring organisations, putting confidential data in danger, researchers claim.
Figures obtained by ViaSat UK through a series of Freedom of Information requests show that the ICO received reports of 1,089 data breaches between March 2014 and March 2015. During the same period, police forces across the UK reported at least 13,000 thefts of devices that could hold sensitive data from businesses.
According to ViaSat, there is no way of knowing whether any of these thefts put the population’s sensitive data at risk, as the current Data Protection Act contains no legal obligation to report breaches and includes no specific security requirements.
Most of the breaches (431) reported to the ICO came from the healthcare sector, followed by local government with 129 cases.
The company added that the statistics suggest the private sector is still greatly under-reporting the number of potential breaches it encounters, with other, mainly public sector, organisations such as education and law enforcement accounting for a significant number of reported breaches.
Chris McIntosh, CEO of ViaSat UK, said: "We must remember that 13,000 thefts is the bare minimum: considering that not all police forces could share this information, the real figure is likely to be many times greater. As a result, thousands of individuals’ private data could well be on borrowed time.
"It’s clear that this discrepancy isn’t due to the ICO but the framework it has to operate in. As it stands, the ICO simply doesn’t have the tools and powers it needs to ensure that either all threats are reported, or that risk is minimised.
"The ICO’s role is to encourage best practice in data protection. While it is clear that its financial penalties are aimed at this goal, it still needs more legal and financial muscle to drive its goals."