When data loss gets personal

Ask yourself a question: do you know where your personal information is held and do you know how secure it is? When you deposit your savings into a bank account or leave your house keys with a trusted neighbour you do so with the conviction that your money is safe and your keys will be put somewhere secure and out of the way.

We all seem accepting, however, of the fact that our personal information is ‘out there’ but that we don’t really know who holds it, where it is held and under what circumstances it is stored. Furthermore we expect that everything will be alright and that our personal information is safe and sound.

Is this state of affairs just a consequence of modern life and something to be accepted, or should we be more demanding in asking who is a custodian of our personal information, where is it held and how it is managed?

Perhaps we should just accept the status quo, but every now and again something happens that makes us feel very insecure and vulnerable. The most infamous of all data breaches occurred when Her Majesty’s Revenue and Customs inadvertently lost some 25 million personal records and couldn’t explain where they had gone.

Would it surprise you, therefore, given the political ramifications of this leak that according to the Information Commissioner’s Office (ICO) there were 743 data breaches reported between November 2007 and June 2010. Of this total the NHS was directly responsible for 305 separate incidences and was by far and away, the worst culprit.

Most recently, however, the UK has experienced a data breach that has the potential to go way beyond any financial consequences. We have had a data breach that has the potential to put people’s sexual persuasion under the spotlight and potentially have friends, colleagues and family pass judgment on their private lives.

The data breach in question was in respect to a cyber attack on a solicitors firm whereby an archive containing thousands of e-mails appeared on the internet. Most damming was the publication of thousands of names and addresses of account holders who were thought to have downloaded and illegally shared adult pornographic films.

So is there anything those affected could have done to stop the data breach, or is there anything the rest of us can do, if we are concerned about data protection issues?

Well, we could all voice our anger to those in Government and call for stiffer fines for organisations that fail to protect our personal and sensitive information. Currently speaking the ICO can levy a fine up to £500,000 on firms that abuse the Data Protection Act. Moving forward, perhaps the ICO needs to be strengthened including the regulation to impose much larger fines like the Financial Services Authority, so those organisations currently lacking the 'will' take data protection more seriously.

From the perspective of the individual, if we suspect our identities or personal information has been compromised, we can do a number of things:

• Proactively check our credit reports
• Regularly monitor our bank statements for fraudulent transactions
• Look out for any post from companies that we don’t recognise – don’t ignore final payment demands
• Apply for protective registration via CIFAS, the UK’s Fraud Prevention Service
• Take out an identity protection product that collectively does the above and more

With regards to this data breach though, the consequences are more likely to be public awkwardness and embarrassment, rather than any immediate financial loss, although anything is possible.