All the latest UK technology news, reviews and analysis
|
|
|
27 Jun 2008
An investigation into the theft of a of a Royal Navy recruiter's laptop in January has blamed the "Facebook generation" for lapses in security at the Ministry of Defence (MoD).
The Report into the Loss of MoD Personal Data (PDF) also revealed that the stolen laptop, which contained the unencrypted personal records for more than 600,000 recruits, was one of four laptops to have been stolen since 2004.
The investigation was conducted by Sir Edmund Burton, chairman of the Information Advisory Council, who warned that today's Facebook generation failed to understand the culture of security which was ingrained during the Cold War.
"These well-developed processes and procedures have not been translated effectively into the information age," he wrote.
"Generally there is little awareness of the current real threat to information, and hence to the MoD's ability to deliver and support operational capability."
The MoD has come up with an action plan in response to the report in which it outlines how it intends to implement the 51 recommendations.
Key changes include a new system of security procedures followed through by audits allowing only qualified users to handle authorised data, and a data-retention policy that complies strictly with the Data Protection Act.
Bill Jeffrey, permanent undersecretary at the MoD, said: "We deeply regret the losses of personal data.
"We have identified weaknesses within parts of the MoD that led to this situation, and I am confident that we are taking the necessary steps to address them."
Latest stories from Public Sector
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Hands on with the highly anticipated Android 4.0 Ice Cream Sandwich hybrid tablet
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
An Infrastructure Technical Architect is required to...
Managed Services Process's Manager, ITIL V3 Intermediate...
My client is an excellent company within the media industry...
ASP.NET MVC, C# Developer (.NET, C#.NET, dot NET, Web...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Facebook or Education?
To drive on the roads both you and the car need to be legal and exactly the same should apply when people are put in charge of personal data. The current data issue is one of information that is safe when controlled by systems that are protected, being taken out of that environment and put in the hands of people who have not been trained on how to look after it. To use the car metaphor, it highlights the point that both driver and vehicle need to be checked and licensed because one relies on the other for safety. A perfect car can still be crashed if driven badly. The Facebook Generation may play a part in all of this but cannot be blamed outright. The fact that people make little distinction between putting their own information on a social networking site and carrying someone elses on a laptop at work is something that any employer, not just the government, should address in its data security and use policies. Some well overdue laws on data use and management may also help to solidify this distinction in organisations and individuals minds. As a base level the identity and access management policies of organisations need to reflect the relationship between the data and those handling it, the driver and the car, as it were. One set of policies if not punishables laws, need to be applied to both.
Posted by: Mike Small 30 Jun 2008