Another case data loss by UK Government another case of deja vu

by Michael Smith

Slowly but surely the feeling of deja vu overcomes one when one hears how well the British government, either directly or via private contractors and subcontractors, deals with the private data of its citizens and employees.

On Saturday, September 6, 2008 the Justice Minister was informed of the fact that a contractor to the government has lost a hard drive with the private and personal information of 5,000 prison service staff. While it is, obviously, worrying enough that such a hard disk has been lost, the most worrying part is the fact that it has been lost for about a year already and only now the company acting as a contractor to HM government had the integrity to actually inform the relevant department of the fact that this hard drive is gone, lost, cannot be found.

First question in my mind, aside from the fact of asking what took them that long to admit the loss, is how on earth you can lose a hard drive. While, I am sure, we all, to some extent, can understand how one could mislay and lose an USB stick or a CD with data, losing a hard drive, whether, and we have not been told, this is one that actually sits in a PC or is removable, is something entirely different. This loss in my mind smells to high heaven of theft, probably stolen for financial gain. What is the bet that none of the data held on that hard drive is encrypted in any way, shape or form?

So far we have one incident after the other of data loss from the offices of the British government and/or its contractors or subcontractors and they still expect the people to trust them with personal data.

They tell us that the data for the new passports and the ID cards that they want to introduce on a voluntary compulsory basis (yes, that is a contradiction in terms) is going to be completely safe and cannot be misused (ever) by anyone.

Right, sure, and on an airfield nearby a squadron of pigs is preparing for takeoff.

The same contractor that recently has lost data on the stick and in other ways is the same one that has the contract for the national ID card scheme. That really inspires confidence – NOT. In addition to that hackers have already announced that they are capable of getting into the chip on the passports and ID cards and that they can alter data or extract data from them.

Not that they seem to need to do that. All they need to do is watch the employees of the contractors losing USB sticks and such.

The way this country, in government and banking, is dealing with data is making the UK a laughing stock amongst the countries of the world as far as data security is concerned. Small companies have, more often than not, better security measures in place as regards to their data sticks and such than, it would appear, the British government and all its branches. Worrying indeed, this is.

© M Smith (Veshengro), September 2008