The Government data loss thread

Thought we could start a thread in which we can record reports of data losses by state and third sector agencies. Let's see how long it takes for the first ContactPoint data loss to be reported (occurrences will obviously outnumber reports as cover ups are likely, as in the RAF case).

I'll kick it off with

Blackmail fear over RAF data loss , reported 25 May 2009

NHS 'loses' thousands of medical records, reported 25 May 2009

BBC confirms loss of children's data, reported 8 August 2008

Isn't it reassuring to know how safe we all are on their databases, memory sticks and laptops in the boot of their cars.
 
Bank details on stolen laptops

Laptops stolen from a civil service human resources office in Belfast contained personal financial details of staff members.

The computers were taken during a break-in at Department of Finance and Personnel offices at the weekend.
Lost data included
"...employee name, home address, payroll number, National Insurance Number and date of birth.

Separate details of some individuals' bank or building society accounts were contained on one of these laptops.
 

Renegade Parent

Well-known member
Oh - got a good one here (unsure if any data was actually lost - but it was certainly compromised):

"HMRC tax records centre left unguarded by Mapeley, who also run the Passport / ID Card interrogation centre buildings"

Well, the poor love needed a burger and some time out with friends.
 

Admin

Administrator
YJB computer theft could put children at risk

YJB computer theft could put children at risk
Laptop computers and discs potentially containing personal information on children have been stolen during a break-in at a Youth Justice Board (YJB) building.
In May CYP Now revealed a number of YOTs were stalling on using the new Youth Justice Management Information System (YJMIS) database amid fears it risks identifying children.
The burglary is the second time in 18 months the YJB has been targeted.

In December 2007 the organisation's headquarters in Carteret Street, London, were raided and two laptops stolen after the electronic lock on the front door was deactivated.

Following that burglary the YJB announced it had tightened security at its offices.
 

Elaine Kirk

Super Moderator
I posted another data loss story today it is endemic!
I was going to wall the link you gave but wondered if it is ok to link direct to the forum discussion ? is this thread public ?
 

Admin

Administrator
I posted another data loss story today it is endemic!
I was going to wall the link you gave but wondered if it is ok to link direct to the forum discussion ? is this thread public ?
Yes, this is the public forum! Feel free to link away.
 

Admin

Administrator
Cop fined for looking up friends on police database

Cop fined for looking up friends on police database

A POLICEWOMAN who illegally looked up information about her friends on police computers has been fined £1,000.
The court was told the police force is now supervising the training of new officers and is retraining existing police on their use of the Data Protection Act
How reassuring (not).

Her solicitor, David O'Hagan, said Wong had begun "innocently" looking for information about two people she knew.

"Her interpretation as to what she could access was obviously flawed," he said.
 

Admin

Administrator
NHS Lothian falls foul of the Data Protection Act

Thanks to Stuart at EasyPC Scotland for flagging this up on his blog: NHS Lothian falls foul of the Data Protection Act

This extract will be especially reassuring for Sheila:
Ken Macdonald, Assistant Information Commissioner - Scotland, said: "Personal information has a value. It is vital that people's personal details are handled securely in line with the Data Protection Act."
Read the ICO report here.
 

Admin

Administrator
Nine sacked over National Identity Scheme breaches

Nine sacked over National Identity Scheme breaches

Nine staff have been sacked from their local authority jobs for snooping on personal records of celebrities and personal acquaintances held on the core database of the government's National Identity Scheme.

They are among 34 council workers who illegally accessed the Customer Information System (CIS) database, which holds the biographical data of the population that will underpin the government's multi-billion-pound ID card programme.
The disclosures, obtained by Computer Weekly using the Freedom of Information Act, will add to calls for the government to come clean over the security of the National Identity Scheme.

The CIS database, run by the Department for Work and Pensions, stores up to 9,800 items of information on 92 million people, including sensitive data, such as ethnicity, relationship history, whether someone is being investigated for fraud and whether they have special needs.
ADVERTISEMENT

Freedom of information requests by Computer Weekly, have uncovered a string of breaches by council workers:

* Cardiff and Glasgow councils sacked staff after they looked up celebrities' personal records
* Tonbridge and Bromley councils sacked workers for looking up their friends
* Brent sacked someone who looked at their girlfriend's details
* A worker at Torfaen was sacked for looking at his own details

But this may just be the tip of the iceberg. Many of the breaches were discovered after sample checks, raising concerns that other breaches may gone undetected.
Gus Hosein, a management systems academic with the London School of Economics, said that breaches were inevitable.

"Human nature and the propensity of governments to abuse privacy means that the only real safeguard is to not collect this information in the first place," he said. "Create a central store and you will get abuse".

A DWP spokesman said, "The small number of incidents shows that the CIS security system is working and is protected by several different audit and monitoring controls, which actively manage and report attempts at unauthorised or inappropriate access."
Full list of security breaches

:eek:
 

Diane

HEdups
QUOTE: A DWP spokesman said, "The small number of incidents shows that the CIS security system is working and is protected by several different audit and monitoring controls, which actively manage and report attempts at unauthorised or inappropriate access."

I love this insane logic. We have had a small number of security breaches which shows the system is working!

On which planet do these crazy people live?

Do they even hear themselves? Check over the words before they burble them out? Do they have a passing acquaintanceship with reality?

Ah, the spin goes on...

Diane
http://www.threedegreesoffreedom.blogspot.com
 

Sheila Struthers

Well-known member
Trade body loses laptop full of driving conviction data

http://www.theregister.co.uk/2009/08/21/trade_body_data_policy/

A trade body has lost a laptop computer containing the personal details of 37,000 people and information on 1,900 people's driving convictions. The information was kept on an unencrypted laptop which was stolen from a locked vehicle.

Repair Management Services of Blackburn has promised the Information Commissioner's Office (ICO) that it will improve its data security and that it will encrypt laptops or any other machines which carry personal data no later than next March.
 

Admin

Administrator
They should have gone to Easy PC Scotland for encryption services. Check out their blog for a list of data protection offenders.

Thought I would take the opportunity to include a shameless plug for Stu of Easy PC Scotland who is one of this site's little techie helpers and provides our hosting via Equiphase.
 

Sheila Struthers

Well-known member
Home Office coughs to larger data loss Another 250,000 records lunched

The Home Office has admitted to losing a quarter of a million more records than it originally thought.

The figure is revealed in its Resource Accounts for 2008-2009. PA Consulting lost a memory stick last September, which was originally reported to contain details on 127,000 people. In fact the stick, which remains lost, contained records on 377,000 people, Kable reveals.

The extra quarter of a million people are users of the Drugs Intervention Programme and are identified by initial, rather than full name, so shouldn't be at too much more risk of ID theft.

The original figures were for the entire 84,000-strong UK prison population, along with 10,000 frequent offenders and 33,000 people with at least six recordable offences.

PA lost that contract over the screw-up, but it remains the Home Office's favourite consultancy. The department paid PA £24.5m last year - up from £8.4m the year before - thanks to increased work on the National Identity Scam/Scheme and the Interception Modernisation Programme, Kable notes.

Deloitte and Touche came in second place, with a pork barrel stuffed with £21m of our money. KPMG scored £16.2m, up from £4.6m in 2007-2008.

The full report is available here as an 89 page pdf. ®
 
Top