Today marks the 4th European Data Protection Day, a "celebration" marking the anniversary of the first European convention relating to data protection. The US and Canada are also marking 28 January as Data Privacy Day, although as yet, neither our American counterparts nor ourselves have gone so far as to proclaim a public holiday!
This time last year, the occasion offered little optimism about the effectiveness of data protection measures here in the UK: the Information Commissioner's Office issued a "Personal Information Promise" to organisational heads and government departments to ensure they raised awareness of data protection issues in their workplaces. It is difficult to see that this measure had any impact - the ICO announced yesterday that 818 data security breaches were reported over the last two years, with the two most common causes of breaches being the loss or theft of data or hardware.
One of the most alarming figures is that NHS bodies were responsible for 29% of all security breaches. Earlier this week, Southampton University Hospitals NHS Trust signed an Undertaking issued by the ICO, after admitting that an unencrypted laptop containing medical information on over 33,000 patients had been stolen from a retinal screening vehicle which had been left unlocked. This is unfortunately not an uncommon incident, but perhaps measures set to be introduced this year will inspire a greater level of vigilance among those handling data.
From 6 April 2010, the ICO will have the power to fine any organisation up to £500,000 for serious contraventions of the data protection principles. A consultation into the introduction of custodial sentences for the misuse of personal data closed on 7 January 2010. These two new powers, lobbied for by the new Information Commissioner Christopher Graham, demonstrate the ICO's eagerness to promote greater public awareness of the risks involved in handling personal data, and to show that it will not take breaches of the data protection principles lightly.
With these new powers just around the corner, it is more important than ever to ensure that you and your colleagues are fully updated on your obligations under data protection legislation. As a starter for ten, MacRoberts has created a list of data protection do's and don'ts, which gives practical tips on how to prevent data security breaches that put you or your company at risk. You can view the list here.