In a press release last Wednesday, Information Commissioner Richard Thomas said that the number of data breaches in the UK had risen to 277 in the year since HMRC lost 25 million child benefit records. The new figures include 80 reported breaches by the private sector, 75 within the NHS and other health bodies, 28 reported by central government, 26 by local authorities and 47 by the rest of the public sector. The ICO is investigating 30 of the most serious cases.
According to an article in the New York Times, European Data Protection Supervisor Peter Hustinx says Europe's data protection regulatory framework needs updating -- but it will be two to three years before businesses even see the reform proposals. In the meantime, companies should take data protection into their own hands by showing they have control over their data and that they are accountable for it, he added. Businesses that store and use data in the ever-changing e-environment are calling for clear guidelines, but it seems that there are none yet on the horizon.
The Foley & Lardner Newsletter reports that Massachusetts has now issued final regulations mandating certain data security standards for all individuals and entities that own, license, store, or maintain personal information regarding Massachusetts residents. From 1 January 2009 companies that hold any personal information about Massachusetts residents will be required to develop policies that match the Massachusetts standard, including encryption of personal information on laptops, new certifications from service providers and amended outsourcing deals.