.comment-link {margin-left:.6em;}

Monday, January 12, 2009

Lessons learned?

This morning's Daily Telegraph indicates that the Government has failed to learn the lessons from losing 30 million personal data files in two years.

They tell us that staff are still able to copy unencrypted information from internal databases on to USB sticks, the portable memory devices that have been involved in many of the recent high-profile security breaches whilst the health and transport departments – as well as the Driving and Vehicle Licensing Agency – have failed to make encryption mandatory despite the recommendations of a Cabinet Office report last year:

The Department for Children, Schools and Families and the Ministry of Justice are among the major departments that allow the copying of data of encrypted data onto memory sticks, but it is not clear whether the encryption is actively enforced.

The Department of Business, Enterprise and Regulatory Reform is one of the few departments to force encryption on memory sticks.

And they wonder why we have concerns about the National database they are planning to back up the introduction of ID cards.


The sooner that government (at all levels) standardises on diskless (and USB-less) work-stations the better. There should be a ban on connecting lap-tops to office networks, too.
When USB ports, DVD and CD drives can easily be removed from all Desktops, why isn't this being done as standard?

It should be a criminal offence to carry personal information on a memory stick or other recordable mediums.

If my information was lost by a civil servant or any other body working for the government what redress could I have in the courts?

It's about time people took the law into their own hands and started suing these individuals.
Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?