Top IT data security threats revealed and what organisations must do to stop them

May 21, 2014

The Information Commissioner's Office (ICO) has published a security report, “Protecting personal data in online services: learning from the mistakes of others”, providing best practice on how to avoid eight common IT security vulnerabilities that most frequently lead to data security breaches. The flaws include poor password storage, poorly designed networks in inappropriate locations, a lack of protection from structured query language (SQL) injection, poor decommissioning of old software and failing to update software. The report makes a number of recommendations including hashing and salting passwords, creating a well-designed security architecture, being aware of all of the components of a service to ensure that they are fully decommissioned and implementing a software updates policy.

Updating software has become even more urgent since Microsoft stopped supporting its Windows XP operating system and since the Heartbleed security flaw was uncovered. The ICO says that all organisations should have a basic understanding of these types of threats and that, while the report is aimed at data protection officers and senior managers, IT security professionals may also find it of use.

Anyone who processes personal information must comply with eight principles of the Data Protection Act. The seventh data protection principle imposes data security obligations on organisations and the ICO can issue fines of up to £500,000 for serious breaches of the Data Protection Act.

Recent fines include the £200,000 penalty issued to the British Pregnancy Advice Service after the details of service users were compromised due to the insecure collection and storage of the information on their website, and the £250,000 fine issued to Sony Computer Entertainment Europe after the company failed to keep its software up to date, leading to the details of millions of customers being compromised during a targeted attack on the Sony PlayStation Network Platform.


For more information


Nigel Miller
Direct dial: +44 (0)20 7614 2504

