You say "Astonishingly, the data was lost two months ago, but was not reported to top management (er... Jack Straw) until yesterday." but according to both the BBC and The Times the data was lost in July 2007 by EDS and only notified to the government by EDS in July this year. Perhaps EDS were waiting to see if any (mis)use was made of the data? Now they can claim that it has had no effect so they can avoid any penalty?
Wat, it's far, far worse than you suggest. Your list is the tip of an iceberg the size of the Arctic:
"Breaches relating to mobile phones and computers containing confidential numbers and information about the public have risen to an average of ten a day, up from eight a day in the previous year. In all, there have been 1,993 data breaches since October 2007, with the one year figure likely to exceed 2,700."
http://business.scotsman.com/per...-
are.4420838.jp
"Among the four million losses were the National Insurance numbers of 17,000 people, the theft of a laptop with encrypted details of 17,000 Sats markers, three million records of driving-test candidates in May 2007 [Wat, you mentioned this one] and a Ministry of Defence laptop that held 620,000 personal records, including bank account and National Insurance numbers and limited information on 450,000 people named as referees or next-of-kin by would-be servicemen and women.
As revealed last week, the Ministry of Justice also lost information affecting more than 45,000 people [in addition to the Home Office/PA breach?], in some cases revealing their criminal records and credit histories, in the 12 month period. The Home Office lost the personal details of 3,000 seasonal agricultural workers – including their passport numbers – when two CDs went missing in the post."
http://www.publicservice.co.uk/n...ic=e-
government
"A memory stick containing information about the STI tests of 146 people has gone missing from the Chelsea and Westminster Hospital. All patients have been informed of the loss. The stick is assumed to have been stolen on Thursday 21st August."
http://www.pinknews.co.uk/news/a.../2005-
8916.html
"December 23 2007: Nine English NHS trusts admit to losing patient records. One case is thought to involve City and Hackney Primary Care losing the names and addresses of 160,000 children.
January 18 2008: Hundreds of documents containing sensitive personal data are found on a roundabout in Devon. They include details of benefit claims, mortgage payments and photocopies of passports. Confidential data had previously been found at the same location on November 6 2007."
[plus a further seven already mentioned]
http://www.guardian.co.uk/uk/200...rss&
feed=uknews
Don't forget the senior civil servant who left top-security documents on his commuter train with intelligence assessments about Iraq and al-Qa'eda, and his civil service colleague who left behind on another train sensitive documents about terror financing.
The ContactPoint database of all children must be scrapped along with ID Cards.
"a computer security research fellow at the Oxford Internet Institute, said that the scale of the [ContactPoint] database posed huge risks. 'When you have got more than 300,000 people accessing this database, it's just very difficult to stop the sale of information.'"
Not even MPs are confident that their own families' data will be kept safe. It is understood that shielding has already been put in place for the children of MPs.
"People wanting information on children for malign purposes will now find virtually everything in one place," Baroness Miller told The Register. "However, the limited uses originally envisaged to make information sharing between agencies for the benefit of children have now been far exceeded." She concluded, bluntly: "ContactPoint could well be a disaster on several fronts."
http://www.timesonline.co.uk/
tol...icle2332307.ece
http://www.theregister.co.uk/200..._more_problems/
Can't all this stuff be made undownloadable, unprintable and accessible only on an intranet system?
I once worked in an office where we kept the personal details of several thousand very eminent people. The security system was a set of bars which were locked over the cabinets at the end of the day, the keys then left, according to tradition, in the top right-hand drawer of the office manager's desk. The building itself was highly secure, and all the staff had to be PVd before being allowed to work there. In all the time the records were kept in that way there was not one security breach. It can be done: it's just that current work practices are incredibly sloppy.
No government can honestly support ID cards and keep a straight face in light of these data issues. Strange that we don't hear about anything on a similar scale in other countries, though - does that mean it only happens here?
http://lettersfromatory.wordpress.com
Vey interesting video clips of Guy Herbert from no2id talking about id cards here:
http://www.conference.westbourne...media/
media.htm
Breaking news today:
http://www.telegraph.co.uk/news/...y-
pensions.html
I haven't yet seen any approval of this excellent proposal by the Conservatives.
PA today had the relevant contract with HO cancelled (the one during the execution of which the memory stick with details of criminals disappeared) and its other contracts with them are 'under review' (Evening Standard). In another part of the cesspit, the Evening Standard reports that the Sats fiasco firm is blaming the Simple Shopper for 'delaying decisions' and interfering. Today I was talking to a civil servant who had just told us that he is a policy wonk, and he was silent when I told him that he needed alongside him, at the same rank as him, someone who understands service delivery.
Commenting by HaloScan
