Friday, January 18, 2008

Again: loss of personal data by public officials in the UK

Less than two months after the loss of the personal details of 25 million people by the UK's tax authorities (see this blog entry), another substantial loss of personal data has occurred in Britain. As the BBC website writes, a laptop containing personal details of 600.000 people has been stolen from a Royal Navy officer in the Birmingham area.

The data are from people who have expressed an interest in, or joined, the Royal Navy, Marines, or Air Force, and they are the more detailed the further progressed the wish for joining was:

  • For people who had actually submitted an application, data held on that laptop may include passport details, National Insurance numbers, drivers' licence details, family details, doctors' addresses, National Health Service numbers and bank details.

  • For people who had merely made a casual enquiry, only a name may have been on the record.

The BBC gives no details as to the relative sizes of these two groups, but mentions that the Ministry of Defense is about to write to 3.500 people whose bank details were on the laptop's database.

Apparently the laptop was stolen from the officer's car which was parked overnight in the Edgbaston area of Birmingham.

One can only hope that hard questions will be asked of those responsible for this failure, questions like the following:

  • Why was the data on that laptop?

  • Was there authorisation for the data to leave whatever MoD premises they were originally collected in?

  • Was the data protected through encryption?

  • Why, in the light of the sensitivity of the data, did the officer choose to leave the laptop in the car?

  • Was he authorized to do that?

  • And: why was he not shackled to the laptop?

In the old days (and in movies) that was how they used to protect valuable things…

Update: The British Secretary of Defense, Des Brown, had to acknowledge before the House of Commons that already in 2005 two laptops had been lost containing personal data of members of the armed forces. He also said that on the present laptop had been the detailed data of only 153.000 people, but admitted that they had not been encrypted. Furthermore he said that in this case MoD security regulations had been breached, but did not go into details.

He also announced — yet another security review! (After each of the data debacles of the last weeks, the Brown government has promised one of those...). You can find a summary of his points and the full text of his statement to the House of Commons here.

Technorati Tags: , ,


At 3/2/08 18:02, Blogger Robin Wilton said...

Dear Dr Busch - I wodner what your thoughts are on this weekend's story of alleged bugging of conversations between Sadiq Khan MP and one of his constituents, Babar Ahmad.

Is one of the implications that the government seems unable to design an accountable governance regime for cases where the "Wilson Doctrine" ought, for whatever reason, to be suspended?

At 10/10/08 08:47, Anonymous Anonymous said...

I saw the news of this latest 'loss' of personal data as I logged on to my yahoo home page this morning and immediately alarm bells began to ring.
I remembered, as you have mentioned in your blog, the recent loss of date just a few weeks ago and I also remembered a few months (si, eight or more) ago a young clerk at the inland revenue lost 3 discs contained the personal information of thousands of tax credit claimants (single parents I seem to remember). I also have vague recollections of other, smaller(?) losses of personal data at the hands of various governmental departments. And yet before the loss of those three discs by the clerk at the inland revenue I don't remember any news reports of such losses.
I can't help but wonder at the connection, if there is one, between these losses.
That all of a sudden the government seems to be haemorrhaging the personal information of its citizens left and right whist at the same time pushing hard for a data-base to contain massive amounts of data on all of us!
I wanted to gather as much information as I could regarding these losses of data and began with a quick google search, which is how I discovered your blog.
I wondered,in the course of your compiling this blog, if you'd considered the possibility of of a connection between these events and what you thoughts are regarding that possibility.
By way of introduction, I'm a mature student at the University of Liverpool studying for a combined honours in Politics and Sociology. - not that my curiosity about this data loss is in any way connect with my degree, but I felt a little (very little! lol)background about myself was the least I could offer.
I'll check back for any responses overthe next few days.
Best wishes,

At 10/7/09 01:32, Anonymous BFU rector said...

I think it safest to assume that any data will eventually be compromised. All information is at risk, all networks are vulnerable. Even secure and segregated information is subject to eventual fraud and incompetency.

At 30/12/10 07:52, Anonymous Belly Surya Candra Orsa said...

Great Blog..!!!! Keep Blogging.... :)

At 25/2/11 10:20, Anonymous Nepae said...

Well that sounds like crazy...the government better be more careful to protect the privacy of people...


Post a Comment

<< Home