Feeds

MoD laptop losses expose government data indifference

We don't care so they don't care

Intelligent flash storage arrays

The latest data giveaway by the UK's Ministry of Defence shows that not even the most basic IT policies are being followed.

There are various ways to ensure laptops do not go astray when loaded up with sensitive information. The most basic is that such information should not be on any machine unless absolutely necessary. The second policy would be to take some action to ensure the laptop was kept physically safe - so leaving such a laptop in an empty car overnight is probably not a good idea.

Assuming one or both of these steps were followed, the MoD could then use various types of technology to ensure the data was safe if the worst did happen and the machine was stolen - it could password protect the machine and it could encrypt the data.

Gus O'Donnell, the man leading the investigation into government data handling, said in December's interim report that the MOD had no major problems except around bulk data transfers. The department, we were told, had "reassessed its policies and procedures in light of the incident with HMRC data, and is taking forward work to ensure that bulk data transfers are better protected and will make more explicit the need for early involvement of Data Protection Act specialists".

In the wake of the latest MoD loss, the government has sparked a feeding-frenzy for the IT security industry by seizing all government laptops which could contain sensitive data and impounding them until civil servants have learnt how to encrypt, and unencrypt, the data on their machines.

But maybe government should start with the obvious. Phil O'Neil, director and general manager of Kensington Europe, said: "It seems that, even though people know laptops can be easily stolen or lost... The best way to make sure that sensitive data does not fall into the wrong hands is to ensure that the device itself cannot be stolen.

"It is increasingly clear that companies are neglecting the most obvious threats to their security. Businesses invest millions in network security, yet they disregard the danger of physical theft. This is tantamount to investing in a sophisticated home alarm system but forgetting to lock the front door."

The Cabinet Office cannot tell us how many machines or people this laptop recall might include - it sends out the diktats, but does not do the maths. Individual departments are responsible for recalling the machines and training their staff.

Despite promises after the HMRC debacle, the Information Commissioner remains powerless - although Gordon Brown said he supported giving it the power to investigate government departments without consent - but the ICO is still negotiating exactly how this would work.

It is unclear just how much data the government still has which it hasn't given away or lost.

In October, 25 million people had their child benefit records given away. Last year, the Lib Dems estimated that some 37 million British citizens had private data lost by the UK government - the data was not perfect in that it failed to remove people who had had their data given away more than once.

But it supports the notion that more British people have had their information compromised or given away by the British government than have had it kept safe.

With preparations like this, we should all be more than ready to hand over our personal data to the proposed national ID scheme - after all, the data can't be that personal if the government has already given it away. ®

Internet Security Threat Report 2014

More from The Register

next story
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
Apple SILENCES Bose, YANKS headphones from stores
The, er, Beats go on after noise-cancelling spat
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.