In a speech at the RSA on 29 October, Richard Thomas highlighted the risks
associated with large databases and the need for tougher sanctions to deter data
breaches, and called on chief executives to take responsibility for the personal
information their organisations hold.
"The number of breaches brought to our attention is serious and worrying. I
recognise that some breaches are being discovered because of improved checks and
audits as a welcome result of taking data security more seriously. More laptops
have now been encrypted and thousands of staff have been trained. But the number
of breaches notified to us must still be well short of the total. How many PCs
and laptops are junked with live data? How many staff do not tell their managers
when they have lost a memory stick, laptop or disc? Many losses are probably
An extract from the ICO November Newsletter quoting Richard Thomas, the Information Commissioner:
Surely the solution to this is to STOP COPYING personal information and sensitive data. If authorised individuals (including the subject) had online ACCESS to the relevant data to do their job, then there would be no need to have data on laptops, memory sticks or CDs. An audit trail would reveal who accessed what data, for what reason and when. This is one of the key principles of VRM.