With the Ministry of Defence's loss of more than half a million personal details from a car in Birmingham, the best that can be said is that it's nearly 24.5 million fewer records than HM Rrevenue & Customs managed.
No doubt Gordon Brown will be announcing this as a 98 percent reduction in serious stupidity per quarter. Even at this rate, however, the entire country's private information will be in criminal hands by 2012. The Home Office could save time by starting up an RSS feed.
Such levity may not be appropriate to the scale of the problem, but it's matched by the lack of practical concern shown by the civil service and its masters. Reviews have been set up and investigations launched, but these are foundering due to the sheer scale of internal disorganisation they're uncovering. With nobody in charge, nobody can be brought to book.
This is the first thing that must change. We don't much care who takes control, as long as they're competent, open and ruthless — a combination of Alans Turing and Sugar — but clarity of purpose and lines of command are essential.
The policy that's needed is one of zero tolerance to mass unencrypted data beyond the firewall. The only time your address should be visible to the outside world is when it's printed on an envelope and handed to the postman. No more laptops with files in clear text. No more CDs in the mail. And no more junior officers, managers or civil servants running around with half the population's private details at their command. Access to this information en masse has to be taken as a serious responsibility, by organisations who understand how to structure such things with suitable checks and safeguards.
We're no longer in the age when massive buildings full of manilla folders define the state's knowledge of its citizens. We are also no longer beholden to the idea that systems, as well as their contents, must stay secret. Public review of safeguards and protocols is a must: assume people know how things work, assume mistakes will happen, and demonstrate that this openness and these mistakes don't matter.
Until the public servants can do this, there is only one reaction to any future plans to increase state data holdings, such as ID cards and databases: loud, raucous and unstinting laughter.
Talkback
there is no need for data between government departments to be transferred by CD. There is a network called the GSX which is a secure intergovernmental network for the secure transfer of information. Why is this not getting used?
The main problem is there does not seem to be any standards enforced in government. Rather than getting iso9000/9001 government goes for a meaningless charter mark certification. Also most don't have bs7666 if they had both of these in place and set up properly then these issues would not arise.
The main problem is lack of understanding of IT Systems and how they work. To Analyse Data from a database you do not need to take it off of the database and store it locally.
The solution to this problem is to bring all IT systems and staff back into government and train staff properly. With fully documented procedures on how task should be under taken and if the task is not document then the information security officer should be consulted so that a proper procedure can be established.
All staff should be aware of these procedure and any failure to follow procedure should be dealt with by two strikes and then your out. i.e get caught doing something not in the procedures you get a warning and sent on training, IF you do it again second warning and sent on more training. Do it a third time you get the sack.
Its not rocket science it just good practice.
We've seen the endless variety of ways in which the government and other central agencies have found to lose data and we've seen a corresponding number of inquiries into how it happened and how we can mitigate the losses in future, such as AES encryption, etc.
But this only addresses (or apparently doesn't!) the symptom, data loss. The common thread in all these incidents is that data was being moved outside the secure owning data centre. That is the cause and that is what should be addressed. The previous poster points out that secure networks technology exists and so, with that in place, I suggest that sensitive data should NEVER leave the data centre in which it resides. There, it can be fully secured. Then use the secure network to allow legitimate access to the data only for the purpose and duration for which it is required. When processing is complete, the secure network can disallow further access.
Can data centres be secured in this way? Yes, but not with commodity servers. The minimum requrement would be an IBM System z, running zOS - not zVM, not zLinux, not "toy department" commodity servers - industrial strength is mandatory here. zOS and its predecessor, MVS, have never been hacked.
As the previous poster said, it isn't rocket science, just common sense, though in the case of these data losses, "common sense" may be an oxymoron!