Again: loss of personal data by public officials in the UK
Less than two months after the loss of the personal details of 25 million people by the UK's tax authorities (see this blog entry), another substantial loss of personal data has occurred in Britain. As the BBC website writes, a laptop containing personal details of 600.000 people has been stolen from a Royal Navy officer in the Birmingham area.
The data are from people who have expressed an interest in, or joined, the Royal Navy, Marines, or Air Force, and they are the more detailed the further progressed the wish for joining was:
- For people who had actually submitted an application, data held on that laptop may include passport details, National Insurance numbers, drivers' licence details, family details, doctors' addresses, National Health Service numbers and bank details.
- For people who had merely made a casual enquiry, only a name may have been on the record.
The BBC gives no details as to the relative sizes of these two groups, but mentions that the Ministry of Defense is about to write to 3.500 people whose bank details were on the laptop's database.
Apparently the laptop was stolen from the officer's car which was parked overnight in the Edgbaston area of Birmingham.
One can only hope that hard questions will be asked of those responsible for this failure, questions like the following:
- Why was the data on that laptop?
- Was there authorisation for the data to leave whatever MoD premises they were originally collected in?
- Was the data protected through encryption?
- Why, in the light of the sensitivity of the data, did the officer choose to leave the laptop in the car?
- Was he authorized to do that?
- And: why was he not shackled to the laptop?
In the old days (and in movies) that was how they used to protect valuable things…
Update: The British Secretary of Defense, Des Brown, had to acknowledge before the House of Commons that already in 2005 two laptops had been lost containing personal data of members of the armed forces. He also said that on the present laptop had been the detailed data of only 153.000 people, but admitted that they had not been encrypted. Furthermore he said that in this case MoD security regulations had been breached, but did not go into details.
He also announced — yet another security review! (After each of the data debacles of the last weeks, the Brown government has promised one of those...). You can find a summary of his points and the full text of his statement to the House of Commons here.