In August, the Anderson Review into bulk data collection – initiated by Teresa May as Home Secretary – published its findings. Britain’s spies should be allowed to continue harvesting large amounts of data from emails. David Anderson also backed the hacking of phones and computers ‘in principle.’ The government’s Investigatory Powers Bill, will put these abilities on a clear legal footing later this year. The arguments for and against the so-called ‘Snoopers Charter’ remains controversial. However, for all the outcry about data privacy arising from discussion of the Bill, the take-up of encryption has remained patchy.

The most recent Information Commissioner’s data security incident trends survey, demonstrated approximately a 22% increase on the number of cases received in the previous quarter.[1] In particular there was a 20% increase in incidents involving loss or theft of unencrypted devices.[2] Laptops, USBs and CDs/DVDs have the potential to carry large volumes of (potentially sensitive) personal information, which if lost, can be disastrous.

The Nursing and Midwifery Council, for example, were issued with a £150,000 civil monetary penalty after the council lost three DVDs related to a nurse’s misconduct hearing. It contained confidential, personal information and evidence from two vulnerable children. The ICO investigation found the information was not encrypted.[3]

Inadvertent consequences of the Investigatory Powers Bill have been insufficient focus, support and pressure from Government to responsibly encrypt- as resources and messaging were concentrated on making the case for data collection. Now these issues appear to have been largely settled, it is time for the new Government to prioritise robust data security.

 

[1] Data security incident trends Q1 2016/17 (April to June 2016), Information Commissioner’s Office, https://ico.org.uk/action-weve-taken/data-security-incident-trends/

[2] Ibid

[3] Ibid