The Ministry of Defence has lost four laptops containing personal records since 2004
MoD laptop thefts blamed on 'Facebook generation'
/v3-uk/news/1954460/mod-laptop-thefts-blamed-facebook-generation
27 Jun 2008, Guy Dixon , V3
An investigation into the theft of a of a Royal Navy recruiter's laptop in January has blamed the "Facebook generation" for lapses in security at the Ministry of Defence (MoD).
The Report into the Loss of MoD Personal Data (PDF) also revealed that the stolen laptop, which contained the unencrypted personal records for more than 600,000 recruits, was one of four laptops to have been stolen since 2004.
The investigation was conducted by Sir Edmund Burton, chairman of the Information Advisory Council, who warned that today's Facebook generation failed to understand the culture of security which was ingrained during the Cold War.
"These well-developed processes and procedures have not been translated effectively into the information age," he wrote.
"Generally there is little awareness of the current real threat to information, and hence to the MoD's ability to deliver and support operational capability."
The MoD has come up with an action plan in response to the report in which it outlines how it intends to implement the 51 recommendations.
Key changes include a new system of security procedures followed through by audits allowing only qualified users to handle authorised data, and a data-retention policy that complies strictly with the Data Protection Act.
Bill Jeffrey, permanent undersecretary at the MoD, said: "We deeply regret the losses of personal data.
"We have identified weaknesses within parts of the MoD that led to this situation, and I am confident that we are taking the necessary steps to address them."
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
Facebook or Education?
To drive on the roads both you and the car need to be legal and exactly the same should apply when people are put in charge of personal data. The current data issue is one of information that is safe when controlled by systems that are protected, being taken out of that environment and put in the hands of people who have not been trained on how to look after it. To use the car metaphor, it highlights the point that both driver and vehicle need to be checked and licensed because one relies on the other for safety. A perfect car can still be crashed if driven badly.
The Facebook Generation may play a part in all of this but cannot be blamed outright. The fact that people make little distinction between putting their own information on a social networking site and carrying someone elses on a laptop at work is something that any employer, not just the government, should address in its data security and use policies. Some well overdue laws on data use and management may also help to solidify this distinction in organisations and individuals minds.
As a base level the identity and access management policies of organisations need to reflect the relationship between the data and those handling it, the driver and the car, as it were. One set of policies if not punishables laws, need to be applied to both.
Posted by Mike Small, 30 Jun 2008