The Register® — Biting the hand that feeds IT

Comments on: Tories want data loss prosecutions

data loss or data reuse 

Posted Tuesday 26th August 2008 11:27 GMT

Pirate

The German Chaos Computing Club starts from the standpoint that everyone's data has been lost, stolen or resold by now, and therefore suggests to politicians that it makes more sense to regulate the use of such data.

The fuss in Britain about data loss, the least reliable and controllable of the sources, seems to be a passing storm in the wrong teapot.

Dear Ms Smith 

Posted Tuesday 26th August 2008 11:33 GMT

I will try to keep the words little so that your little brain can manage them

If it can be downloaded to an insecure device the data is not being held 'in a secure form'

Internal Server Error 

Posted Tuesday 26th August 2008 11:34 GMT

It seems to have been a good year for data leaks. I can't remember so many. The government did have a good warm up year last year though. No wonder they were on top form. Maybe a new sport to be introduced at the 2012 Olympics.

There should be prosecutions. Simple as that. The laws exist (in the main) but I don't know what the guidelines for punishment are. It would be interesting to see how they are dealt with in the US. The US is generally much harsher than the UK on white-collar crimes.

Um.. 

Posted Tuesday 26th August 2008 11:36 GMT

>>

Home secretary Jacqui Smith has denied that the loss of the data was due to failures by her department. "This was data being held in a secure form, but was downloaded on to a memory stick by an external contractor," she said. "It runs against the rules set down in the contract that we had with the external contractor."

<<

It is your department's fault. If you have a hole anywhere in your data protection scheme, you protect it. For crying in a bucket, WHY was an external contractor able to use the USB stick in the first place? Ever hear of restricted access?

Crumbs, next you'll be saying the dog agreed to protect your breakfast, not eat it!

I'm with tories on this 

Posted Tuesday 26th August 2008 11:37 GMT

Coat

... but they need to ensure that directors of involved company are prosecuted as well as individual employee(s) directly responsible. It is directors who set up policies and approve budgets - both of which have profound security implications.

will it work? 

Posted Tuesday 26th August 2008 11:41 GMT

Unhappy

or will they just find some scapegoat at the bottom and blame them instead? it's a way forward but is it really a solution? Sadly I can't think of a better solution rather than, corporates will continue to make themselves blame free...

How do you prove reckless?

Posted Tuesday 26th August 2008 12:00 GMT

Black Helicopters

More shit by a different party, meaningless rubbish

"knowingly or recklessly"

Why would someone "knowingly" cause the loss of data?

That's already illegal, it's called "theft"

"Recklessly?" Loosing something isn't reckless. It's only human to "loose" things. What's "reckless" is having an infrastructure that allows that data to pass offsite.

Which gets us directly to who should take the blame... And we know that those people are above the law.

So, again, this is just meaningless words. The people asking for the bill would not be beholden to it if they ever got in charge. And the people responsible for the current fuck ups would put you in jail before they ever faced a judge

Memory stick? 

Posted Tuesday 26th August 2008 12:01 GMT

Flame

I thought we'd already established that it was a USB flash drive, not a memory stick?

As for the notion that it is the department's fault, that's mostly bollocks. Whilst the department could easily have disabled the use of USB drives, the external contractor was under an obligation (in the contract which they signed) to keep that data secure. It is entirely their liability.

ID Card 

Posted Tuesday 26th August 2008 12:03 GMT

Happy

Can you imagine that 66m ID's going missing?

I would only support the ID cards IF (BIG IF) the home sec and the prime minister will be prosecuted if the data should go missing or lost.

Ask them the same question and now see if they are willing to go with the ID card system?

Education..... 

Posted Tuesday 26th August 2008 12:06 GMT

Coat

Home secretary Jacqui Smith has denied that the loss of the data was due to failures by her department. "This was data being held in a secure form, but was downloaded on to a memory stick by an external contractor," she said. "It runs against the rules set down in the contract that we had with the external contractor."

If the system was secure they wouldn't have been able to do it in the first place, unless of course what they have actually done is stolen the information, in which case we will see prosecutions. Our government seems fond of passing the blame to other people when in fact it is totally their responsibility the way in which the said data is handled. How many more times should this so called minister be believed that she is capable of tightening up the system..........when in fact the situation is getting worse.

Mine's the one with the usb sticks in the pocket

@ dear Ms. Smith 

Posted Tuesday 26th August 2008 12:15 GMT

Joke

Sorry, you've only confused the poor woman further.

I don't believe that she fully understands the terms 'downloaded' or 'secure'.

Allegedly.

Data 'loss' is not the issue 

Posted Tuesday 26th August 2008 12:25 GMT

Unhappy

These things seem to be only coming to light when a known copy of the data is reported lost. However they seem to fail to recognise the issue with having copies of this data moving around on portable media (DVD, CD and USB devices). The issue is data leaking, not the loss of a USB stick. I'll bet these cretins think that because e.g. 10 USB sticks went out, and 10 came back at the end of the day, there can have been no data loss. Ditto with the infamous missing 'in the post' data - if it had been handed in by a member of the public I'm sure they would have breathed a sigh of relief that 'no data had been lost'.

Criminal prosecutions seem initially attractive 

Posted Tuesday 26th August 2008 12:30 GMT

Of course the Opposition will make the kinds of pronouncements to appeal to the wild-eyed, drooling Daily Mail readers. There is, unfortunately, a real difference between corporate responsibility of directors (of limited liability corporations) to their shareholders for proper governance and some sort of analogue being drawn with Government Ministers and their senior civil servant executives. The Ministers and senior execs FEEL NOTHING when these breaches arise.

Now, if Ms Smith (or Blears, or Mr Browne, or...) were poked in the eye with a sharp stick each time they, or any employee in their department, caused a breach, then some performance improvement might follow. There is no point pursuing prosecution for these acts of omission and commission - we have to make it HURT those responsible.

Better, each time a Minister makes a fatuous & ignorant statement, at the despatch box or in an interview, press conference - whatever - i.e. "in a secure form, but was downloaded " or "but a department official emailed it to me, I didn't take it out of the department" then they should be poked in both eyes with 2 sharp sticks.

Depending on the efficacy of their remaining vision, I am convinced beyond all doubt that Ministers would soon be poking senior execs in their eyes. Then the message that security breaches hurt would be real for these people and Departmental enforcement of EXISTING POLICY would be stepped up, pretty swiftish.

I wonder . . . 

Posted Tuesday 26th August 2008 12:37 GMT

. . . if they'd be so vigilant if they were in office? Mind you, when they were in the driving seat even asking them about 'freedom of information' was almost seen as treason. The current mob have only built on the model set up over many years of dodging and obscuring info - which way was the Belgrano pointing? and many others. Information leaks were done the proper way then, no bloody Cd's to lose - papers straight to Moscow instead.

Despite noises to the contrary they won't have any information leaks from their pet Boris - so far there hasn't been anything of substance from that direction, only if's and but's and maybe's. Any actual policies from Head Toff? - nope, no information leaks there either.

Smoke and mirrors.

(apols for grocer's apostrophe - couldn't help it)

What dullness 

Posted Tuesday 26th August 2008 12:39 GMT

Stop

How bereft of imagination are both the Tory party and some of you numpties.

Is that the only response to anything we don't like - prosecute someone? Does that engender respect or a culture wherein we can learn from mistakes?

Sure, let's blame someone - anyone? - and make them pay - that'll ensure that next time a mistake gets made, we find out about it in a timely and open manner.

FYI Jacqui Smith 

Posted Tuesday 26th August 2008 12:40 GMT

Coat

It is possible to restrict access to USB ports. I guess your system isn't as secure as you think. How much did it cost me, the taxpayer? I'm sure if I'd have purchased this system I would have got a better deal and maybe even some security.

Your department is responsible for holding this data, the data was lost yet it's not your responsibility? How does that work then?

Grow some bollocks and admit when you're wrong, it would be refreshing to see this quality in a politician. And while you're about it Jacqui, grow a fucking brain too.

Mine's the one with the memory stick in the pocket containing details of all of my company's customers which is for sale to the highest bidder because I won't be fucking prosecuted for it.

Does this mean 

Posted Tuesday 26th August 2008 12:41 GMT

That a few BT retail scumbags/managers are due a spell in the slammer over the Phorm scandal?

@Gordon Pryra 

Posted Tuesday 26th August 2008 13:02 GMT

I might have taken your rant a little more seriously if you were capable of spelling the 4 letter word "lose." I mean, come on!

One of the problems 

Posted Tuesday 26th August 2008 13:09 GMT

Stop

In my time in the military, I noticed a practice which it wouldn't surprise me if it still persisted. When you got a contractor in to work on a project, you could go to the security people and ask them to approve a direct line to the contractor so that they could access data. The security people would gnash their teeth, and start writing security policies, and if you were really lucky, 6 months later you would be ready to connect them. By which time, everything they needed had been burnt onto CD ROM and shipped to them. But, the shipping contract was handled by someone else, so when you said the contents were sensitive and had to be shipped accordingly, they got thrown in the mail bag with everything else. The policies suck. In trying to stop hacking attacks on the government networks, they are allowing all the data out the back door instead.

Now, compare that to a bank (which is where I currently work). Banks have lots and lots of sensitive data, and they actually employ a lot of ex-military security types. But they also have a good dose of common sense as well. When I need to work with a contractor, I can get a line set up with them almost instantly. I might have to give them one of our machines at their end to use, but it isn't hard to get it authorised. If I want to connect to someone big, like an exchange, I can have the line up in no time at all. Most of the time is spent making sure the connection is resilient to outages, and the security stuff is boiler-plate. Yes, you need excellent security to stop some scrote coming over your firewall and stealing everything, but these days, that security should allow you to do all the things you still need to do, without resorting to disks in envelopes.

Data Protection 

Posted Tuesday 26th August 2008 13:13 GMT

If PA Consulting are acting as consultants, why should they have live data? Why were they not given anonymised data? The data protection act should be used to enforce this. So why is the Data Protection czar not prosecuting the Home Office and PA consultants?

For all the good these quangos do, Data Commissioner, Ofcom etc they should start an FA consultants to do what they are good at - sweet FA.

@Markie Dussard 

Posted Tuesday 26th August 2008 13:24 GMT

You forgot to add your imaginative suggestion to the end of your post.

Well, that's OK then - no problem. 

Posted Tuesday 26th August 2008 13:28 GMT

Flame

The person who lost the data was 'breaking the rules'. So obviously the system isn't really insecure, because that person shouldn't have been so naughty.

All we have to do is make sure that the naughty people are spanked, and then the system which lets them spray confidential data all over the landscape will be perfectly and absolutely secure because they'll know not to do that anymore.

@GameCoder 

Posted Tuesday 26th August 2008 14:23 GMT

well said. Same goes for un-encrypted wireless communication of private data etc.

Catch 22 

Posted Wednesday 27th August 2008 04:38 GMT

But data leaks can be prevented by using encryption. Well until you realise it's an offence to have data you refuse to decrypt if the police demand it. I guess that's why encrypted data is often supplied with the appropriate passwords on a post-it note.

a little offtopic

Posted Wednesday 27th August 2008 10:33 GMT

Paris Hilton

I know this is off-topic but I see this abuse of the English language in almost every thread and Gordon Prya is one of the chief offenders.

WHEN SOMETHING IS LOST THE TERM IS 'LOSE' NOT, I REPEAT, NOT 'LOOSE'.

It's really very simple.

LOSE not only means to be defeated in a game or battle or some similar event, it also means to misplace something to the effect that that thing, object, abstract or otherwise cannot be found.

LOOSE means something that is not tied or stuck or held down tightly, or something that, in all probability, could be tighter.

Paris because I bet by now she could be a bit tighter.
