Sunday, June 6, 2010

A Look into the UK breach statistics

This data looks very much like the USA data published by HHS, outlined in "A Look into the HHS Posts Data Breach Notifications". The biggest issue in both cases is hardware theft.
According to statistics from the Information Commissioner's Office (ICO), the UK National Health Service has reported 305 data security breaches since November 2007.  During the same period, the private sector reported 288 breaches, local government reported 132 breaches, and central government reported 81 breaches.  The most frequent cause of NHS breaches was hardware theft, which accounted for 116 incidents, followed by hardware loss, which accounted for 87 incidents.  There were also 43 instances in which NHS information was disclosed improperly, 17 instances in which data were lost in transit, and 13 instances of improper technology disposal.  In all, more than 1,000 data breaches have been reported to the ICO.  In April the ICO was granted the authority to impose fines of up to GBP 500,000 (US $730,000) for serious data breaches.