Over 500 public sector data security breaches have been reported to the Information Commissioner in the past two years, new figures show.

Latest statistics released by the ICO show public sector bodies made up the majority of the 818 breaches reported since November 2007.

According to the watchdog, the NHS accounted for almost half of the cases involving the public sector. Health bodies reported a total of 240 separate security incidents, 97 of which related to the loss of data or hardware.

Local authorities notified the ICO on 101 occassions, while central government bodies admitted to 71 incidents.

Some 262 out of the 818 incidents were the result of theft, often where the personal information was held on an unencrypted portable device, the ICO said.

David Smith, Deputy Commissioner, said:

“In just over two months a further 100 organisations have reported data security breaches to us. We are keen to work with organisations to prevent breaches occurring in the first place and to help put things right when things do go wrong. Talking to us may of course result in regulatory action. However, organisations must act responsibly; those that try to cover up breaches which we subsequently become aware of are likely to face tougher regulatory sanctions.”

For a full breakdown of the incidents, see the table below.

Related Documents

ICO Data Breach Table,  26 January 2010

Organisations who are reckless with personal data will face fines of up to £500,000 from April this year, it was announced today.

Under new powers approved by Home Secretary Jack Straw, the Information Commissioner will shortly be able to levy  heavy penalties for serious data security breaches.

According to statutory guidance issued today the ICO, fines will be determined by on a case-by-case basis, taking into account factors such as the size and type of the organisation, whether the loss was deliberate or negligent, the potential impact on individuals affected and measures taken to improve security.

Organisations will have 28 days to pay the penalty amount, which will be reduced by 20% if full payment is made in time.

Announcing the new powers, Information Commissioner Christopher Graham warned he would “not hesitate to use these tough new sanctions for the most serious cases where organisations disregard the law”.