There has been more broughaha this week about the latest embarrassing loss of highly sensitive UK Government data (prisoner and convicted persons data), which was blithely downloaded (unencrypted) to a USB memory stick by a PA contractor and then misplaced/ lost.
Home Office Minister Tony McNulty was promptly trotted out to expiate departmental responsibility for this latest evidence of appalling lack of security. According to McNulty, the Home Office “protocols” intended to prevent data loss had been breached by downloading the data to an unencrypted USB stick.
It’s time Government Ministers woke up and smelled the coffee. Relying on protocols to protect data is folly. Sensitive data needs active protection.
The Justice Ministry lost the data because it could be lost, period.
The only way to protect data effectively is to instigate real security measures that actually prevent such downloading.
After all, would the Home Office let anyone walk into a building and freely photocopy the contents of a secure document registry?
This is particularly disappointing because the problem has been in the public domain for years. I wrote about the threat in 2004 for Computer Weekly but the simple fact is that the Government doesn’t seem to take data loss seriously. If they did, we wouldn’t still be getting such regular embarrassing data losses, almost week in, week out.
You may also like to read:
It could be worse … maybe. http://notnews.today.com/?p=36