Richard Thomas

Firms woken up by HMRC breach, says ICO

Data watchdog, the Information Commissioner, says that the HMRC breach could have a positive outcome

Written by Rosalie Marshall

IT Week, 05 Dec 2007

The fallout from the HMRC fiasco could turn out to be positive for security in the UK after the Information Commissioner, Richard Thomas, reported that organisations have gone to his office with questions about security processes in the wake of the massive data breach.

During a House of Commons Justice Committee meeting this week on data privacy issues, Thomas said, “A number of organisations, both public and private sector have come to me saying they think they have found a problem …[and] bringing to our attention problems they have with security inside their own organisations.”

He added: “None appear to be on anything like the same scale as anything like that involving the HMRC, but there is certainly more to come out of the wash as we move forward. This incident has been a massive wake-up call to the very top of organisations … who are at long last asking questions to make sure that proper arrangements are in place. If they are not being given the reassurances that they require where problems come to light, they are starting to share those with us and take remedial action. Already there are some signs of projects being put on hold, or that a freeze is put on a transfer of data.”

Thomas also said there had been a “tripartite arrangement” between auditor PricewaterhouseCoopers, the Independent Police Complaints Commission (IPCC) and his own office, to have “sensible coordination” between thr groups over data privacy matters. PricewaterhouseCoopers is currently undertaking a review of the HMRC breach.

Malcolm Etchells, managing director of email monitoring vendor Waterford Technologies, argued that the ICO should be looking for ways to encourage firms to comply with DPA and implement best practices rather than seeking greater punitive powers.

"There's no problem with enforcing the law where criminality is suspected but I'd argue that most firms do their best efforts to comply," he added. "Instead of the 'stick' approach of frequent audits, they should maybe think about awarding firms for the best DPA compliance or best practices implementation."

He added that any spot checks should be focused initially on firms which handle a high volume public data, such as telemarketing firms, rather than private businesses which handle mainly employee data.

Enjoyed this article? Help spread the word:

Comments

Reader comments for this story
Post your comment Post your comment   What is this?

Also read

Related articles

White papers

Related jobs

Most read

Most commented

Special Reports

Latest

Spotlight

Accountants and the crisis: the outlook - ready for the worst

The downturn is hurting and forecasts of recession hang heavy...

PwC 10-year anniversary special report

Relive how the controversial mega-merger of Price Waterhouse and Coopers...

Make partner fast with YP

The latest edition of Young Professional features our definitive guide...

Find your next job

Find your next job
Solve your clients debt problem with a ClearDebt IVA
Salary Checker

Newsletters

Sign up here for the very latest news delivered to your inbox. Choose from the following options:

Search white papers

Search white papers

Have your say

Job of the week

More finance jobs...

Your next job