Friday, January 18, 2008

Again: loss of personal data by public officials in the UK

Less than two months after the loss of the personal details of 25 million people by the UK's tax authorities (see this blog entry), another substantial loss of personal data has occurred in Britain. As the BBC website writes, a laptop containing personal details of 600.000 people has been stolen from a Royal Navy officer in the Birmingham area.

The data are from people who have expressed an interest in, or joined, the Royal Navy, Marines, or Air Force, and they are the more detailed the further progressed the wish for joining was:

  • For people who had actually submitted an application, data held on that laptop may include passport details, National Insurance numbers, drivers' licence details, family details, doctors' addresses, National Health Service numbers and bank details.

  • For people who had merely made a casual enquiry, only a name may have been on the record.

The BBC gives no details as to the relative sizes of these two groups, but mentions that the Ministry of Defense is about to write to 3.500 people whose bank details were on the laptop's database.

Apparently the laptop was stolen from the officer's car which was parked overnight in the Edgbaston area of Birmingham.

One can only hope that hard questions will be asked of those responsible for this failure, questions like the following:

  • Why was the data on that laptop?

  • Was there authorisation for the data to leave whatever MoD premises they were originally collected in?

  • Was the data protected through encryption?

  • Why, in the light of the sensitivity of the data, did the officer choose to leave the laptop in the car?

  • Was he authorized to do that?

  • And: why was he not shackled to the laptop?

In the old days (and in movies) that was how they used to protect valuable things…

Update: The British Secretary of Defense, Des Brown, had to acknowledge before the House of Commons that already in 2005 two laptops had been lost containing personal data of members of the armed forces. He also said that on the present laptop had been the detailed data of only 153.000 people, but admitted that they had not been encrypted. Furthermore he said that in this case MoD security regulations had been breached, but did not go into details.

He also announced — yet another security review! (After each of the data debacles of the last weeks, the Brown government has promised one of those...). You can find a summary of his points and the full text of his statement to the House of Commons here.

Technorati Tags: , ,

Monday, January 07, 2008

Jeremy Clarkson and identity theft

Well, first of all, a happy new year to my readers! And I am glad to be able to report that page visits to this blog more than doubled in 2007 over 2006, to well over 5000 pageviews. I am very happy about this and will take it as a reminder to update this blog more often than I have recently done (take that with a grain of salt, like all new year's resolutions...).

Another reason to be upbeat is a story reported by the BBC today. It concerns Jeremy Clarkson, a British TV presenter specialising in motor journalism, and in my personal view one of the most unhappy examples of British jingoism-cum-machismo, someone who revels in almost every conceivable sort of public insult, especially against foreigners. Even his employer, the BBC, has described him as "not a man given to considered opinion".

Clarkson has a column in the tabloid The Sun, in which he recently made fun of the concerns about the lost personal details of 25 million British people due to negligence of the British tax authorities some six weeks ago (see this blog entry). Clarkson, alleging that this was all unnecessary fuss about nothing, proceeded to prove his point by publishing his account details (including account number and sort code) as well as instructions about how to find out his address in the newspaper.

"All you'll be able to do with them is put money into my account. Not take it out. Honestly, I've never known such a palaver about nothing," he teased his readers. But not so, as he had to find out: when opening his bank statement recently, he found that someone had used that information to set up a direct debit to a charity which took £500 out of his account.

It is to Clarkson's credit that he published the mishap, and even admitted: "I was wrong and I have been punished for my mistake." And: "Contrary to what I said at the time, we must go after the idiots who lost the discs and stick cocktail sticks in their eyes until they beg for mercy."

While losing £500 will not ruin this wealthy man, he had to learn the hard way (and some may be surprised he is capable of even that). But will it turn him into a champion of data protection in the future? Only time will tell...

Technorati Tags: ,