The security of information is always something that the government and financial institution are banging on about – pushing the responsibility of this on to the individual.
Personal responsibility for your own data should be part of your every day, but it sticks in the throat when the big companies that are lecturing about personal data security then go and treat the data under their control with gay abandon.
This has been brought into focus by the UK’s Information Commissioner who has today, at the launch of their annual report, called on CEO’s of UK companies to take data security more seriously. Specifically he highlighted the following questions, referring to data losses recently
“How can laptops holding details of customer accounts be used away from the office without strong encryption? How can millions of store cards fall into the wrong hands? How can online recruitment allow applicants to see each others’ forms? How can any bank chief executive face customers and shareholders and admit that loan rejections, health insurance applications, credit cards and bank statements can be found, unsecured in non-confidential waste bags?”
Call for more powers
Currently the Information Commissioner can only make inspection of companies if the targets consent to a visit.
The Commissioner would like this to change, looking for the right to inspect and audit practices where poor practice is suspected.