HOW MUCH DATA HAS BEEN LOST?

Extent of Data Loss

Several government departments have been involved in the loss of personal data, Sensitive data potentially affecting more than four million people was lost by government departments in the year to April.

Whitehall departments have included details of personal information losses in their annual financial statements. Cases included the loss of the National Insurance numbers of 17,000 people and the theft of a laptop with encrypted details of 17,000 Sats markers.

The details of 25 million child benefit claimants vanished last year. This led to the recommendation that government departments should give details of personal data losses.

The 12-month period to April saw the Ministry of Justice losing information affecting more than 45,000 people, in some cases revealing their criminal records and credit histories.

The Home Office lost the personal details of 3,000 seasonal agricultural workers - including their passport numbers - when two CDs went missing in the post. In five separate cases, the Foreign Office lost information affecting about 190 people.

There were six occasions when the Department for Transport misplaced personal data, including three million records of driving-test candidates in May 2007. The Ministry of Defence lost an unencrypted laptop, a matter on which Defence Secretary Des Brown reported to the Commons in January.

The computer contained 620,000 personal records, including bank account and National Insurance numbers. It also held limited information on 450,000 people named as referees or next-of-kin by would-be servicemen and women.

LAPTOP BLUNDER BY MINISTRY OF DEFENCE

MINISTRY OF DEFENCE

After another fiasco with the theft of Ministry of Defence laptop from the Britannia Adelphi Hotel in Liverpool, there has been more than a few bungling lapses in security. Over the last four years 659 MoD laptops have disapeared. Twice the amount than previously reported.

This adds up to losses on average, of one laptop every two days containing sensitive data, many of these were stolen rather than lost. Only 32 of the machines have been recovered, also 90 desktop PC's, a number of PDA's and USB drives are all unaccounted for.

GOVERNMENT TO COMPLY WITH NEW DATA SECURITY RULES

Strict Guidlines on handling sensitive data

All Government departments will have to encrypt important information held on computers and other media, with staff undergoing annual mandatory training to ensure they comply with the new rules.

The changes have been brought in after a review was commissioned following the loss of two computer discs containing sensitive personal data by junior officials at HM Revenue and Customs (HMRC).

The review, commissioned by Gordon Brown in November last year, sets out the wide range of actions that have already been put in place to improve data security and outlines what will be done to strengthen policies further.

Action already taken to improve security includes the Cabinet Office issuing new, stricter guidelines on the handling of sensitive personal data, 90,000 employees at HMRC being given additional security training and the encryption of 20,000 laptops at the Ministry Of Defence.

Improvements that will be introduced will include stronger accountability. This includes defining and enhancing data security roles within departments to ensure clear lines of responsibility.

Personal data held on notebook PCs, USB memory keys, computer discs and other media will have to be encrypted; compulsory testing of the systems used will be carried out by independent experts to test how secure these are.

SENSETIVE INFORMATION LEFT ON TRAIN

Terror Secrets Blunder

A passenger on a London train found sensetive files about Al-Queda, the files contained a document on Al-Queda called Constraints and Capabilities, which was marked for UK/US/Canadian and Australian eyes only.

The paper was commissioned by the Foreign Office and Home Office. Counter-terrorism detectives were trying to find out who else could have seen the papers or if they had been copied.

Officers will also want to know why such sensitive information was removed from the Cabinet Office and who authorised it.

Neither of the papers are believed to list the names of British Intelligence Informants or sources of information.

It follows the embarrassing loss of two discs containing the tax details of 25million people last year, which led to the resignation of Head of HM Revenue and Customs, Paul Gray.

ID CARDS COULD THREATEN PRIVACY

ID Cards

A group of MP's have warned the government to limit the amount of data collected from citizens for the ID Card Scheme, to avoid becoming a surveillance society.

The Home Affairs Select Committee has called for proper safeguards on the function of ID Cards to stop "function creep" threatening privacy.

The Ministry of Justice has said it had to balance protecting the public and a right to privacy. It wants a guarantee the scheme will not be expanded without MPs' approval.

The National Identity Scheme is due to roll out later this year, and will eventually hold details of everyone in Britain over the age of 16.

The committee accepts the governments assurance that the scheme will not be used as a surveillance tool and that they should only collect data that is essential, to be stored only as long as is necessary.

FINES FOR DATA LOSS

Civil Offence

Organisations guilty of data loss will face large fines after an amendment to the Criminal Justice and Immigration Act. Although the implications which faced organisations concerning data breaches are not as serious as people wanted, it still gives the Information Commissioner's Office (ICO) stronger powers.

Initially the Liberal Democrats wanted to have serious data breaches made a criminal offence. The act which was passed by the Lords in April, despite opposition from the Government, but to stop the Government's majority in the House of Commons overturning this decision and throwing out the amendment, it was downgraded.

Now if an organisation deliberately or recklessley breaches the Data Protection Act (DPA) it will only be a civil offence. The new legislation means the ICO can impose large fines on those who breach the DPA, previously it only had powers to issue an enforcement notice.

HM REVENUE AND CUSTOMS

More Than Your Jobs Worth

Recently an MP has revealed that over 600 staff at HM Revenue and Customs have been disciplined for looking at taxpayers' personal histories without permmission or a proffessional reason. In 2005 238 people were disciplined, 180 in 2006 and 192 in 2007. Some employees only got reprimanded, but a large number were fired. The HMRC has a strict policy which forbidds staff from accessing customers records unless they have a legitimate business reason. How many more are doing this that we don't know about?

Active customer service discussions in Twitter

Loading...

Get Satisfaction support network

DATA SECURITY CONCERNS

Publics Concerns

According to a new OFCOM research, two thirds of people are concerned with the amount of personal information held about them by companies. Concerns about identity fraud and security surrounding personal details have risen by 15%. However, more people who use the internet are willing to give account details and other information online compared to 2005. This could suggest that more people are careful about the websites they are using.

Just 59% are more confident in knowing whether a website is truthful or reliable, while the majority of people make a judgement about a website before entering personal details. 11% do not enter their details and 16 - 24 year olds are more relaxed. The report is part of research into media literacy in the UK with the aim of protecting consumers who use digital technology.

Research found that households with children between the ages of eight and eleven years old are more likely to limit viewing of television through pin numbers and passwords, than in 2005. Astonishingly fewer households are using software or controls to regulate childrens internet access, with four out of five parents stating they do not need to because they trust their children to be responsible.

The study also found that one in three adults have concerns about mobile telephones, including risks to society and affordability. Around two thirds of older children agreed that violence in computer games affects people's behaviour, while 68% of adults believed that it could affect a behaviour.

GOVERNMENT WANTS LOG OF WEB USE

Tracking of Internet Usage

The changes to the communications data bill, were announced by Prime Minister Gordon Brown earlier this month. The proposals would implement the remainder of the European Union's Data Retention Directive.

In October 2007 the government put forward the first part of the regulations, which require telecommunications companies to keep records of phone calls to and from landlines and mobile phones.

ID CARD SCHEME

ID Cards Risk Of Fraud

The Independant Scheme Assurance Pannel (ISAP) has admitted in its 2007 annual report that the National ID Card Scheme is at risk from fraud by the people running it. The Government-appointed panel which was set-up to advise the Government on the implementation of ID cards, said the scheme would “aggregate a lot of valuable data”.

They suggested that there would be a risk of administrators abusing the situation, especially if they were offered a lot of money by someone wanting to use the details for criminal activities. One cause for concern by the ISAP was that the government did not have an appropriate way to database personal details.

The main problem was that the data will all be kept in one place, this could make it much easier for mass data loss. To minimise the risk of staff stealing and selling on people’s data, the ISAP said the Government had to monitor individual staff members and how they were using data.

The Identity and Passport Service, the department in charge of the ID Card scheme, said it welcomed the ISPA’s recommendations. It said it would identify the right people to govern the data and work to get a clear view of the relationships between all the data held as well as the relevant legislation and policy.