PI warns that breaches are leading to collapse of public trust in IT systems

20/01/2008

• Complaint figure soars one thousand per cent since HMRC breach
• Huge economic cost may arise as consumers refuse to disclose personal details to organisations

PUBLICATION EMBARGO: 22.00 GMT, Saturday 19th January 2008

The privacy watchdog organisation Privacy International (PI) today published figures showing a huge surge in public anxiety over information security. The new research data indicates that the mounting number of high-profile data security breaches is creating a crisis in public confidence over the way personal information is handled.

The result of a general breakdown of trust may reverse several years of confidence-building in e-commerce, resulting in the potential loss of billions of pounds of revenue for UK businesses. It may also create an environment of suspicion that imperils such institutions as the census and the electoral roll.

Each year PI receives around 25,000 complaints and queries from the public worldwide. These communications have over the years become a litmus test of public attitudes on a wide range of privacy and security issues.

PI has analysed around 14,000 UK based emails, phone calls and correspondence received in 2007 and culled those that relate to the security of personal information.

The figures show that until November 2007, when the HMRC breach was revealed, complaints expressing anxiety over personal information security had steadily increased month on month, but remained on average at less eighty per month. After that point the complaints soared in December to 678, nearly a thousand per cent up on the January figure of 69.

The complaints and queries to Privacy International represent a relatively small number of people, but tend to be indicative of general concerns across the UK. Where relevant, they generally mirror the complaints patterns to regulators such as the Information Commissioner, though only in circumstances where the regulator has a mandate to consider such complaints.

Most of the communications received by PI expressed deep concern over the continuing leakage of personal information and suggested that complainants were considering taking steps to limit the amount of personal data stored on large IT systems. This response will in the short to medium term create an impact on the flow of data to e-commerce sites, starving companies of a crucial source of revenue.

At this stage it is not a simple matter to predict the potential financial impact of such a trend, but it is quite possible that the economy's growth could be inhibited if trust in data security continues to erode. The cost could easily run into billions of pounds per year.

Privacy International's Director, Simon Davies, warned that the statistics revealed a deep-seated public anxiety over the way data was being handled. "Commerce has nothing if it loses trust. People will simply not risk putting their personal information onto commercial systems. It follows that they will also go out of their way to minimise their interaction with government systems."

"Action must be taken immediately by government to restore trust in IT systems. A useful first step would be for a Minister to take direct responsibility to reform and streamline security procedures within the public sector."

"A huge training and education effort must be made to entrench privacy and security into all levels of government. Clearly much of what exists should be completely rebuilt."

"Successive governments have shown disregard and even contempt for data protection law. This must be reversed or the crisis of confidence will create a huge economic impact across the UK economy."

"All major public sector IT programmes from the identity card to transformational government will be imperilled unless the public can have confidence in handing over their data to the government."

Related:
PI Comments on UK Tax Agency Data Breach
Privacy International to pursue data breach legal action against UK government