10 Oct 2008
Military Police are conducting an urgent investigation into the loss of a hard drive believed to contain the personal details of up to 100,000 serving armed forces personnel, as MPs demanded a "cultural change" in the way Whitehall treats personal information.
The call followed the disclosure that Ministry of Defence (MoD) subcontractor EDS could not account for the whereabouts of the portable drive, which could contain passport numbers, dates of birth, names of next of kin and driving licence details as well as names and addresses.
A spokesman for prime minister Gordon Brown confirmed the investigation and described what had happened as "regrettable".
There was no comment on any implications for the government's ID card system, which faces increased political challenges following a series of government data handling blunders.
New defence secretary John Hutton is reported to have called for an examination of EDS' contract to see how it covers this type of breach of trust.
Tory shadow defence secretary Liam Fox said that the incident underlined the MoD's poor record in keeping sensitive and classified material secure.
"The loss of so much confidential information shows the reckless approach this government takes with our personal information," he said.
Tory MP Nigel Evans, chairman of the All-Party Parliamentary Group on Identity Fraud, said it was ironic that the loss was revealed during National Identity Fraud Prevention Week.
The loss of the type of data believed to be missing "will be music to the ears of fraudsters everywhere", he said.
"It is vital there is a cultural change across the public sector with all professionals aware of their responsibility to protect and manage personal data," added Evans.
SNP defence spokesman Angus Robertson said it was "extraordinary that the MoD could allow this to happen again" on top of the loss of data on more than 500,000 potential recruits and their families, which was stored unencrypted on a laptop in a Royal Naval officer's car.
The MoD said it was informed on Wednesday by EDS that it was unable to account for a portable hard drive used in connection with the administration of armed forces personnel data. The loss was revealed by an audit the company was performing in compliance with the Cabinet Office data handling review.
Other recent data losses include four laptops containing details of more than 100 bankrupt company directors from the Insolvency Service in Manchester, details of nearly 18,000 current and former staff at Whittington NHS hospital by a firm providing payroll services, and a computer containing details of 5,000 prison and offender management staff, also by EDS.
Another MoD data blunder, another wake up call
Once again, this announcement will act as another wake up call to the Government and all holders of personal data. The security technology and processes currently in place clearly do not protect against human error or malice, so the public sector needs to start following enterprise's example for its security provisioning. This announcement highlights the importance of sub-contractors and outsourced partners implementing the same due diligence, audit and governance procedures that are in place within the four walls of corporate and government establishments. In essence, when a third party is beholden to another's precious assets, be it data, knowledge or both, then that asset should be scrutinised in terms of its integrity to an even higher than normal standard. To negate such security losses, laptops and PCs should have full hardware disk encryption, that allows data to be encrypted at the hardware level allowing always-on data encryption and full protection even if the hard drive itself is stolen. However, the need for security in the IT infrastructure is becoming more and more pervasive, encompassing the entire network and the appliances that are attached to it. Therefore, data encryption at appliance level (e.g. PCs) is important, but there is an increasing amount of appliances (e.g. mobile telephones, PDAs, BlackBerrys, virtualised solutions) accessing the network that must also be secured. Encryption, authentication and access control are especially key for these technologies, as is the encryption of the data as it travels across the network and the data protection within server, storage and SAN environments. Another viable security solution against leaks and breaches in the future, the Government should explore virtualised computing solutions that allow laptops to purely act as "dummy terminals" where all the data is stored centrally. Therefore, if a laptop is lost or stolen, important data is not able to get into the wrong hands.
Authentication and verification are continuing to become much more sophisticated and NEC is at the forefront of such developments using a range of multi-modal approaches, such as presence-based access control (e.g. NFC, RFID, and chip & pin) alongside biometric security (fingerprint, facial and eye recognition), which will become increasingly important in the years ahead. Ultimately, human error, disclosure or malice continue to be the biggest threats to data security, so if the Government is to avoid the negative headlines we have recently seen, they should be looking to deploy the personalised, multi-modal solutions that we would expect from Government levels of security. However, even with the best security in the world, processes and procedures need to be in place to manage human error.
Posted by: Richard Farnworth, General Manager, Enterprise Solutions, NEC 14 Oct 2008
Culture change is needed
The premise that a culture change in how personal information is secured needs to take place is correct. At www.InsideIDTheft.info we track the epidemic of identity theft and the numbers are staggering.
Posted by: Rob Douglas - Editor, www.InsideIDTheft.info 12 Oct 2008
Data Loss
The Large UK Organisations are not taking people's data security onboard enough. Only a few months ago I bought a Hard Drive containing Bank customers' details and also some of their mobile numbers. It was belonging to an ATM (hole-in-the-wall) machine and had in excess of over 100,000 details of transactions dated up to September 2007. I took it to the police who spoke to Barclaycard about it. Their reply being that it was belonging to a laptop stolen from a mega manager's car. (1) What was a manager doing with this info on a laptop? (2) It was a cover-up, as this hard drive was from a desktop not a laptop. Also it was subsequently found (by myself) to have come from a Yorkshire Bank ATM. Nothing to do with Barclaycard. So why the cover-up? Or have they also lost data? (3) In the light of the state of the banks at the moment, I for one and no doubt millions of people as well will lose confidence. (4) How many more cases from Banks have happened and been covered up like mine was? (5) I was given a new hard drive from the police and was not told who from. Then a few weeks later I got a phone call from a major mainstream Computer Company and who were willing to upgrade my current PC free of charge. How had this happened? And what a small price to pay for all that info when it could have easily got into the wrong hands.
Posted by: Eddie Roberts 11 Oct 2008