ICO warns of more breaches

ICO warns of more breaches


Richard Thomas tells MPs why he needs more power and more money

More cases of public information lost by central government departments have come to light since the HMRC fiasco, Information Commissioner Richard Thomas told the Commons Justice committee yesterday.

A number of public and private bodies have contacted the Information Commissioner's Office (ICO) to report breaches, he said.

"Quite a number of organisations, both public and private sector, have come to us saying they think they have found a problem."

Thomas also described the HMRC breach as "the worst the ICO has encountered" and said it called into question the security of the entire system of data sharing in government if information was not being encrypted.

If further breaches are to be prevented, the ICO needs more powers to make spot checks, as well as to prosecute negligent breaches of the Data Protection Act as a criminal offence, said Thomas.

The regulator also needs more money. The ICO total budget is £10m - compared with £890m for the Health and Safety executive and £143m for the Food Standards agency. And even this money comes from fees, rather than the government-allocated budget other watchdogs receive.

At the moment all data controllers – any agency that holds information on the public – must pay the ICO £35.

"This is the case whether they are the Home Office or the shop around the corner," said Thomas.

An fee increase on a sliding scale – depending on the size of the organisation – will provide more revenues, but the office still wants some government backing.

Thomas pointed out that he has to administer Freedom of Information laws - which have caused a permanent backlog of appeals to his office – as well as the data protection regime.

The commissioner also warned that the governments national biometric identity cards programme needs to be reviewed carefully – particularly the plan to keep records every time a card is used.

"Keeping this massive database with records of every time the card is swiped through a terminal is distinctly unattractive and would increase the risks," he said.