Monday, December 17, 2007

3 million UK driver details lost in Iowa

Well you can't deny the "review" into data security isn't turning things up can you? I bet Brown is cursing the fact he announced it. I just walked past the TV screen at the front of my office and Ruth Kelly is making a statment that a hard drive with 3 million driver license details has been lost in Iowa of all places.

:-|

More here.

Update: Seriously though, I said in November that HMRC might just be the beginning. The review that has been laucnhed across Whitehall looks like it is going to show systemic failures. The information security implications are huge, but the political ramifications could very well destroy the Government in the New Year if another Secertary of State has to come to the house and admit that the whole basket of eggs is broken.

11 comments:

judith said...

Some four years ago, I was told that tax offices were in such a state that current files were being put in black plastic bags, which were then being thrown away as rubbish by the cleaners.

Did you note in the BBC report that police say the two HMRC discs may have been thrown away with the rubbish?

mitch said...

Still no resignation what will it take ?.

Unixman said...

Why the f*ck wasn't some form of encrypting filesystem used? Or Full Disk Encryption ....

Gareth said...

Driving Standards Agency press release.

Pearson Vue case studies.(Inc. DSA)

It is reported the missing hard drive was formatted “specifically to fit Pearson configuration and as such is not readily usable and/or accessible for third parties”. Encrypted, just password protected or part of a raid array that would render the disk useless without the other/others?(I type as an ignoramus on such matters) Seems a little coy to me. If it were encrypted you'd think they would just say so.

A tin foil hat aside - if information gets exported to the US I wonder if Homeland Security would be allowed to look at it without so much as a by your leave.

John Sandell said...

I know we live in a global economy, but one might ask why it's necessary for DVLA to send data to the US for analysis.I believe the lost teachers' data also went to the same place. Just what sort of specialist number crunching are Pearson Vue doing that can't be done here?

sturgess said...

I think the strategy is spot on. Hold your hands up to everything you find wrong. Don't hold back, if you find a mess come clean. But make sure it's the last time you have to apologise. That way, when the shit starts to hit the fan for the other lot, and you know it's going to, sit back and enjoy, and on that glorious day call the election.

mitch said...

will the children's database be found in Lapland this year?

dreamingspire said...

Licence, Dizzy, please! I have been following this data security saga now for 8 years. Govt has had an Information Assurance policy for at least 5 years (lots of docs published by Cabinet Office in 2002), but does not requires its own organisations to follow it - its a Cabinet Office policy, see, not mandatory unless Cabinet Ministers all agree to impose it on their depts (and they didn't). I remember talking to an official in DTI about it, and he was not aware that ICT had progressed as far as it had in the public sector. Asked what he would do, he said that he would tell his manager. Asked what his manager would do, he said that his manager would inform the SoS. Asked what the SoS would do, he said that the SoS would take the problem to Cabinet. I wish I had asked when the DTI would be closed down - now I know the answer. The policy was refreshed this year and re-launched in the summer at IA 07, Doesn't seem to make any difference.

Kafka said...

What is this data doing in the US anyway? This is a direct contravention of EU data protection law. Will the Government be prosecuted or are they totally above the law?

dizzy said...

Afraid it isn't because of Safe Harbor

Fidothedog said...

Can we issue the government with clown suits, red noses and large plastic flowers that squirt water?

Clowns the lot of them.