NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
NESTA Crime Online - University of Brighton Repository
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
e-mail addresses, etc), their low supply might be a direct result <strong>of</strong> the difficulty in<br />
compiling such information.<br />
However, other continuous data breaches are also exposing personal information on a<br />
large scale. Seven hundred data breaches were reported worldwide from 2007 to 2008,<br />
which resulted in 200 million identities exposed. 64 This figure represents an increase <strong>of</strong><br />
83 per cent compared to the previous year. In the UK, numerous Government data<br />
breaches have made the news. 65 But the problem affects all sectors: one survey has<br />
reported that 55 per cent <strong>of</strong> British companies have lost data in 2008, 66 and 96 per cent<br />
<strong>of</strong> the UK companies with more than 500 employees reported a computer related<br />
security incident in 2007. 67 The proliferation <strong>of</strong> larger centralised databases threatens<br />
more personal data being lost or abused. 68<br />
Despites this, the UK government announced in 2008 that it will not be implementing a<br />
data-breach notification law, similar to laws in many US states. 69 The importance <strong>of</strong><br />
reporting private data breaches has been a recurrent critical concern raised by the<br />
majority <strong>of</strong> our interviewees, including IT security firms, IT experts, academics and the<br />
police. 70 This was also the view <strong>of</strong> the House <strong>of</strong> Lords Science and Technology committee<br />
in their personal security report: "a data security breach notification law would be<br />
among the most important advances that the UK could make in promoting personal<br />
Internet security". As there is no UK legislation that demands the publication <strong>of</strong> private<br />
breaches, the full extent <strong>of</strong> the problem remains unknown.<br />
64 See http://datalossdb.org/.<br />
65 For example, HM Revenue and Customs (HMRC) lost 25 million child benefit records in November 2007. In<br />
January, the Ministry <strong>of</strong> Defence lost a laptop containing the details <strong>of</strong> over 1 million people. In May 2008, the<br />
Department for Transport lost the data <strong>of</strong> three million learner drivers. More recently, in November 2008 the<br />
Ministry <strong>of</strong> Justice admitted it had lost 45,000 people's details throughout the 2008.<br />
66 Leo King, “Over half <strong>of</strong> UK firms have lost data”, Computerworld UK, 13/10/2008; available at<br />
http://www.computerworld.com.au/index.php/id;1869348852;fp;39;fpid;26027.<br />
67 Department for Business, Enterprise & Regulatory Reform (BERR): Information security breaches survey<br />
(2008).<br />
68 Speech by Richard Thomas, information commissioner, in October 2008. In Alan Travis, “Bigger databases<br />
increase risks, says watchdog”, The Guardian, Wednesday 29 October 2008; available at<br />
http://www.guardian.co.uk/technology/2008/oct/29/data-security-breach-civil-liberty/print.<br />
69 It is already mandatory for public-sector organisations to report any significant actual or potential losses <strong>of</strong><br />
data to the Information Commissioner's Office (ICO).<br />
70 Interviews conducted from November 2008 to April 2009.<br />
Page 24