More than nine out of ten potential data breaches resulting from lost or stolen devices in the UK go uninvestigated by the Information Commissioner’s Office (ICO), according to a new study.
Security vendor ViaSat UK submitted a series of Freedom of Information (FOI) requests to British police forces and the ICO.
It found that while 13,000 devices containing regulated information were reported as lost or stolen in the 12 months to March 2015, fewer than 1,100 incidents were brought to the attention of the national data protection watchdog.
This suggests firms in the UK could be escaping reprimand for as many as 92 per cent of data breaches, according to ViaSat, and the actual number may be much higher.
“We must remember that 13,000 thefts is the bare minimum,” said chief executive Chris McIntosh.
“Considering that not all police forces could share this information, the real figure is likely to be many times greater and as a result, thousands of individuals’ private data could well be on borrowed time.”
Most of the data breaches reported to the ICO came from the healthcare and public sectors, which together accounted for just over half (51 per cent) of the total.
This suggests that the private sector is “still greatly under-reporting” the number of incidents it encounters, according to Mr McIntosh, and that the ICO requires “more legal and financial muscle” to fully enforce data protection regulation in the UK.
The number of data breaches rooted in lost or stolen devices demonstrates the need for firms to better manage their records through their entire lifecycle, from to use of encryption to secure data destruction.
Kroll Ontrack provides software for MS Exchange and SharePoint, solutions for permanent data erasure, and services for tape archives, as well as data recovery.