UK data losses keep growing
Government and private sector still failing basic tests
A Freedom of Information request by infrastructure specialist Software AG reveals that more companies and government departments than ever are reporting data losses to the Information Commissioner's Office.
There were 356 self-reported data losses this year - between November 2008 and September 2009. This compares to 190 incidents between October 2007 and November 2008.
The biggest cause of loss, 127 incidents, were due to stolen hardware, usually laptops. Another 71 were blamed on lost hardware, typically memory sticks and 78 due to data disclosed in error - misaddressed discs or memory sticks - both of which could be easily avoided by using basic encryption and secure online delivery. Some 24 data loss incidents were blamed on couriers or the postal service.
Unsurprisingly Software AG does not think this is an indication of the success of the ICO's voluntary scheme which asks CIOs to report data losses. Rather it suggests that companies and other organisations are still failing to put in place simple technologies and procedures to stop such losses.
The last figures released by the ICO itself, in October 2008, showed 277 incidents since Her Majesty's Revenue and Customs lost the child benefit database a year earlier. 80 of those incidents came from the private sector, and the rest from various government departments, local authorities and health authorities.
Tim Holyoake, lead technologist at Software AG, said the problem should be declining not getting worse. He said: "Organisations are failing to learn from previous examples. Few data losses have occurred where organisations have invested in secure, electronic data transfer technologies. This begs the question, why aren’t CIOs insisting on greater use of these solutions?"
Maybe the postal strike will get people using secure, electronic data transfer. ®
"Hence IT positions in quangos (and other tentacles of government) tend to be occupied by second-rate people for whom the words "encryption" and "security" might as well be in a foreign language"
Really?? Which Quangos? Most have better encryption and security than Private sector (who wait for a loss to happen and (as The Vociferous Time Waster says) then pay the fine). In my experience, it's some of the BEST candidates, but they are governed by red tape and other such confines.
Name the Quangos that you speak of, go on... In fact, do an FOI and see for yourself..
Can it be blamed on NuLabour?
I have to wonder if NuLabour's love of quangos has something to do with this. Every time a new quango is erected, it needs an IT department, and there simply aren't enough good IT people to fill all the slots Britain already has. Hence IT positions in quangos (and other tentacles of government) tend to be occupied by second-rate people for whom the words "encryption" and "security" might as well be in a foreign language.
I also wonder if the prevalence of the faux-credential MCSE has something to do with incompetents being hired by stupid HR departments.
Oh FFS this is crazy...
We are leaking information like a Sieve!. The politicians work bloody hard to protect their own information like their expenses data from leaking for years, even after freedom of information requests, (and its our money they were taking!), meanwhile they continue to leak our data in all directions exactly like they don't care about us.
So the big people get their information protected meanwhile all us little people are wide open to exploitation from all our leaked information. So maybe a Sieve is a very good analogy, because it catches the big stuff and leaks everything else.
I was only saying yesterday that its starting to look like the UK will be the first country in the world to offer total open source intelligence on its entire population! :(
I'm sure most of these leaks are incompetence (i hope), but I do wonder if some could be paid for leaks? ... Opps lost memory stick or even a laptop on a train ... and got 10k in an envelope as compensation! ... thank you very much stranger. It would be cheap for crooks to use this method to get access to so much data. (Cheaper than hiring a team of hackers). (Plus how many just copy the memory sticks and don't even loose them). Corrupt companies, Spies, Spam & Identity Fraud people must be loving the UK. "Loose" whatever you like, no problem. Meanwhile our greedy rich control freak elite can sleep safely knowing all their double dealings are buried under many layers of protection backed up with criminal laws to burn anyone who dares to leak their data. Yet as usual, they remain ignorant of our ever growing anger at them all. The whole bloody lot of them keep showing they are corrupt and incompetent.
You can also create an AES 256 bit encrypted disk image (DMG) file on OSX. Kind of like an OSX truecrypt without the more useful functionality. Handy all the same though.
That shit costs money. We can just report the loss to the ICO and then we're fine and our ass is covered. The reason so many people are reporting data loss is because there are no repercussions so it's stupid not to.