Feeds

MoD laptop losses expose government data indifference

We don't care so they don't care

Choosing a cloud hosting partner with confidence

The latest data giveaway by the UK's Ministry of Defence shows that not even the most basic IT policies are being followed.

There are various ways to ensure laptops do not go astray when loaded up with sensitive information. The most basic is that such information should not be on any machine unless absolutely necessary. The second policy would be to take some action to ensure the laptop was kept physically safe - so leaving such a laptop in an empty car overnight is probably not a good idea.

Assuming one or both of these steps were followed, the MoD could then use various types of technology to ensure the data was safe if the worst did happen and the machine was stolen - it could password protect the machine and it could encrypt the data.

Gus O'Donnell, the man leading the investigation into government data handling, said in December's interim report that the MOD had no major problems except around bulk data transfers. The department, we were told, had "reassessed its policies and procedures in light of the incident with HMRC data, and is taking forward work to ensure that bulk data transfers are better protected and will make more explicit the need for early involvement of Data Protection Act specialists".

In the wake of the latest MoD loss, the government has sparked a feeding-frenzy for the IT security industry by seizing all government laptops which could contain sensitive data and impounding them until civil servants have learnt how to encrypt, and unencrypt, the data on their machines.

But maybe government should start with the obvious. Phil O'Neil, director and general manager of Kensington Europe, said: "It seems that, even though people know laptops can be easily stolen or lost... The best way to make sure that sensitive data does not fall into the wrong hands is to ensure that the device itself cannot be stolen.

"It is increasingly clear that companies are neglecting the most obvious threats to their security. Businesses invest millions in network security, yet they disregard the danger of physical theft. This is tantamount to investing in a sophisticated home alarm system but forgetting to lock the front door."

The Cabinet Office cannot tell us how many machines or people this laptop recall might include - it sends out the diktats, but does not do the maths. Individual departments are responsible for recalling the machines and training their staff.

Despite promises after the HMRC debacle, the Information Commissioner remains powerless - although Gordon Brown said he supported giving it the power to investigate government departments without consent - but the ICO is still negotiating exactly how this would work.

It is unclear just how much data the government still has which it hasn't given away or lost.

In October, 25 million people had their child benefit records given away. Last year, the Lib Dems estimated that some 37 million British citizens had private data lost by the UK government - the data was not perfect in that it failed to remove people who had had their data given away more than once.

But it supports the notion that more British people have had their information compromised or given away by the British government than have had it kept safe.

With preparations like this, we should all be more than ready to hand over our personal data to the proposed national ID scheme - after all, the data can't be that personal if the government has already given it away. ®

Security for virtualized datacentres

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.