Information Age: News, analysis & insight for IT & business leaders

 
2 September 2010

Government slammed by data breach reports

26 June 2008  

The MoD and HMRC are being called to account over two high-profile incidents of data loss

The MoD and HMRC have been hit with enforcement notices from the Information Commissioner’s Office (ICO), following the release of two damning reviews into major data breaches.

The HMRC lost a pair of discs containing personal and financial details of 25 million people under the Child Benefit scheme, while the MoD lost a laptop containing details of 600,000 people.

The departments will be fined if they fail to adopt the recommendations in the Poynter and Burton reports, into the HMRC and MoD respectively.

Information Commisioner Richard Thomas said while the major data-loss incidents had been well publicised, “It is deeply worrying that many other incidents have been reported, some involving even more sensitive data.”

HMRC claims already to have implemented 39 of the 45 recommendations contained in the Poynter report at a cost of £155 million; these include the appointment of a senior official to the post of ‘director of data security’ and ‘data guardians’ in each department, imposing a complete ban on the transfer of unencrypted bulk data to removable media, and disabling the download function on all laptops.

Chancellor Alistair Darling apologised “unreservedly” to the House of Commons over the incident: “It is quite clear the loss was entirely avoidable.”

The MoD has also accepted the 51 recommendations in the Burton report. Both government departments must provide annual progress reports for the next three years.

Meanwhile Justice Minister Michael Wills is calling for “data minimisation”, a model that would avoid “gigantic databases where anyone can go and search. I think the security implications of that are horrendous."

“There is a clear need for radical change in government in how we handle data. We don't handle data in the same way as we handle money, and I think we should,” he said.

Further reading

Data theft is a people issue It is important to understand the legal context for guarding against data theft, says Warren Wayne of law firm Bird & Bird.

Little faith in ID safeguards Internet banking and retailing could easily be sacrificed for identity protection.

Find more stories in the Security & Continuity Briefing Room


Comments 

There are currently no comments on this article

People who read this also read...

NHS manager suspended over latest data loss

The ICO is investigating whether the loss of 21,000 patient details by an NHS manager constitutes a breach of the Data Protection Act

Profitability or bust Mercator struggles on

Mercators new management team has begun to pull the company out of its loss making spiral, however, the company has a lot of hard work to do to convince customers and investors that it can stay afloat in the long-term.

Interwoven buys iManage for $171m

Interwoven extends reach into collaborative content with iManage acquisition

Month in review

October's news reviewed.

Instant messaging hole identifies users to Microsoft

A new security flaw has been found in Microsoft's instant messaging software that could be used to identify individual users and their friends.

 
Advertisement

White Papers

Read article

10 Mistakes when Buying a Business Phone System

Whitepapers

Why learn things the hard way? Here are 10 mistakes to avoid when buying your business phone system.

Read article

10 Questions to Ask Your Hosted IP PBX Provider

Whitepapers

This informative best practices will help you understand the crucial questions and the information you need to understand before you buy.

Read article

10 Steps to an Enterprise Mobility Strategy

Whitepapers

Regain control of your enterprise mobility strategy with these ten steps.

More