Research by the Liberal Democrats has revealed that 37 million items of personal data went missing during last year. The party has claimed the figure raises further questions about the government’s ability to handle personal data and calls into doubt plans for ID cards.
Losses include a laptop stolen from King’s Mill Hospital in Nottinghamshire that contained 11,000 records on children aged between eight months and eight years, including their names, addresses and dates of birth, and the 80 passports which go missing in the post every month.
Before Christmas, transport secretary Ruth Kelly admitted to Parliament that the names, addresses and phone numbers of three million learner drives had been lost by the Driving Standards Agency. This followed the loss by Her Majesty’s Revenue and Customs of two discs containing the details of some 25 million people, after officials had failed to follow the proper procedures for handling data.
Nick Clegg, the Liberal Democrat leader, branded 2007 as the “worst ever year” for personal privacy.
“Vast numbers of British people have been the victims of serial incompetence. This shocking record of data loss means we need a total rethink on data-protection enforcement and an immediate end to the ID cards plan,” Clegg said.
“There is simply no way that any democratic government can expect an unwilling public to accept having their precious personal data cropped and stored in the world’s largest database when they aren’t confident that database will be safe,” Clegg added.
Clegg said the crisis in personal-data handling had reached crisis point and that the government’s plans to introduce a national ID cards scheme were now in freefall.
“Gordon Brown must now have the courage to admit that his government’s obsession with data retention has hit a brick wall, and drop it for good,” Clegg added.
MPs on the House of Commons Justice Committee are calling for tougher sanctions for government organisations which commit serious breaches of data-protection law.
Under current law, neither government departments nor agencies can be held criminally responsible for data-protection breaches.