More Data Breaches in the News
31st August 2012
Data breaches in the news on both sides of the Atlantic
It was announced
yesterday that data breaches in the UK have increased 1000% in
the last five years. That equates to 821 data breaches in
2011-2012 - up from only 79 in 2007-2008.
The Information Commissioner's Office (ICO) is putting a positive
spin on the figures, claiming that the high numbers are a result of
greater awareness and reporting of the breaches.
This is no doubt at least partially the case. In 2010
there were penalties introduced for losses of data produced by
negligence. These penalties must have had an impact on
general awareness in addition to a change in culture and greater
willingness to report the breaches. This obviously makes it
difficult to really know what the trend is. There seems to be
agreement amongst commentators that, in reality, the situation isn't
as bad as the figures suggest - rather, that we are now aware of
data breaches that previously would not have been reported.
Data breaches in the NHS alone are up 935%, which ties in to
another healthcare-related story released yesterday. This
comes from the American private health care firm Cancer Care
Group in Indiana. Unencrypted backups containing details of
55,000 patients were stolen from an employee's car.
In America, the US Department of Health and Human Services
publishes data breaches affecting 500 or more
individuals. These aren't all electronic data breaches -
losses of paper are included too, but a high proportion are
electronic - with laptops in particular being a common
offender.
No system is perfect and we are all fallible, so there will
always be breaches. It is certainly positive that there are
procedures in place to monitor those breaches and try to improve
for the future.
The Case for Cloud Backup
Worryingly, we do not seem to be learning from the mistakes of
the past. Losses of unencrypted backups have been a frequent
occurrence and widely reported in the news in recent
years.
When transferring data, it is vitally important to consider who
can have access to it. Backups are not a rare or uncommon
occurrence. They should be taken at least every day and taken
offsite every day. This should be a very obvious place to
start when you are looking at your data security and potential for
breaches.
It is incredible that businesses still do not encrypt their
backups and that organisations still entrust both the security of
customer/patient data and the responsibility of taking backups
offsite to a member of staff instead of a simple automated
process.
Online or 'cloud' backup services remove the need for those
backups to be remembered and physically removed by staff,
guaranteeing that the data is encrypted and patient data
protected. There are often concerns about healthcare
organisations using cloud services, but with reputable cloud backup
services - even the service providers cannot see the backup data
they are storing for customers. This surely makes much
more sense than the current situation?