Slashdot Mirror


UK Gov't Lost Personal Data On 4M People In One Year

An anonymous reader writes "The U.K. government has lost the personal information of up to four million citizens in one year alone. The astonishing figures, calculated by the BBC, added up as Whitehall departments slowly released their annual reports for the year to April. And the trend has not stopped — in the latest revelation, HM Revenue & Customs, which infamously lost the details of 25 million child benefits claimants last November on two unencrypted discs, experienced 1,993 data breaches between 1 October last year and 24 June." (More below.) "Earlier this week, the Ministry of Justice admitted it had lost 45,000 people's details throughout the year, on laptops, external security devices and paper, and that 30,000 of them had not been notified. Before that, the Home Office announced it had lost the data of 3,000 seasonal agricultural workers on two unencrypted CDs. In May, the Department for Transport lost the data of three million learner drivers. Other data losses occurred at the Foreign Office, which lost 190 people's data in five incidents. In January, the Ministry of Defence said it had lost a laptop containing the details of 620,000 recruits and potential recruits, and some information on 450,000 referees for job applicants. The Liberal Democrats have called for 'data guardians' to be appointed to monitor the government's handling of information."


  1. Re:4000000? by joto · Score: 5, Interesting

    How do you propose that they "prove competence",

    One suggestion would be to

    1. Make legislation that outlines procedures for handling privacy data that will be mandatory to follow
    2. Make everyone handling privacy data require a certificate that proves they are licensed to do so
    3. Make it illegal for someone to hire an unlicensed person to handle privacy data
    4. Make it mandatory to document whatever you do to privacy data in paper documents or electronic equivalents
    5. Enable a government bureau to periodically control these documents to see that procedures are followed
    6. And also to periodically do other kinds of tests, to test security procedures, e.g. "social engineering tests"

    Besides, I don't think it's "humanly" possible to transport this amount of information with absolutely no spillage at all.

    Sure it is. You need proper procedures and regulations. Sure, if you put it on a laptop or memory-stick, and let your employees carry it around without any oversight, accidents will happen. But if you treat the information as valuables, all will be fine. Money-transports don't usually go around losing money.

    The trouble is that there is no real accountability for losing data. If someone loses 4 million euros, they know somebody will be pretty unhappy. But losing the private records of 400 people, which given today's identity-theft-plagued society could easily result in damages of 4 million euros, is somehow not taken as seriously.