HMRC Incident a “Godsend” for Highlighting Data Security

By Greg McNevin

December 10, 2007: The HMRC data loss incident is still sending shockwaves through the UK IT industry, with a recent meeting of the CSO Interchange, a high-level forum geared to hot contemporary topics, finding that in the wake of the incident brand reputation, risk management and the prevention of data loss have all become burning concerns for senior security professionals.

A lacklustre 60 percent of those attending confessed to having only "some idea" as to where their customer data is stored, and "limited controls" over it. Next to this, 72 percent see the impact of payment card loss on brand reputation as their biggest concern.

Speaking at the event, cross-bench peer, Lord Erroll, a member of the House of Lords Science and Technology Committee, described the recent HMRC data breach as a "godsend" for highlighting security concerns, claiming that “with luck the missing CDs have ended up in a landfill site, but this fiasco will force the government to start taking security seriously and the powers of the Information Commissioner's Office will be strengthened.”

Concerns about data loss ran strong through the debate, with 32 percent of those attending noting that they did know where their customer data was being kept or if there were any controls in place. Furthermore a low, but no less unsettling 9 percent had not even considered data loss as a specific issue.

“More than 70 percent of the security professionals attending CSO Interchange indicated that securing their networks and therefore the confidentiality of their electronically stored data is now harder than ever,” said Philippe Courtot, Chairman and CEO of Qualys and Co-founder of the CSO Interchange.

“The HMRC breach and other recent media stories are forcing this in to the open as a public issue. We must take these matters seriously and rethink the way security is provided online. Four years ago The Jericho Forum was the first non-government organisation to sound the alarm by suggesting practical and effective solutions for high industry. As yet their call to action has gone unanswered.

“Now is the time for industry and government alike to seize the initiative,” added Courtot.

Comment on this story