Saturday, January 26, 2008

Cabinet Office bans people taking mobile phones out of Government buildings

We all heard about laptop losses this week, and The Register has a leaked email with the new rules that the Cabinet Office has sent out. The new rules are that no mobile storage devices of personal data can be taken off secure premises, and personal data is defined as
Any information that links one or more identifiable living person with private information about them” or “Any source of information about 1000 identifiable individuals or more, other than information sourced from the public domain.
So that includes the mobile phones of civil servants and spin doctors doesn't it? UNless of course they use silly names. The email also states that
Clarification has been given that this applies to any mobile device with storage capacity, including mobile phones and PDA’s.
So the next time you see a spAd walking along the street talking on their mobile, remember that they may in fact be breaking Government data security that have gone from one extreme to the other.


Pat said...

you are a man in the know. Do you have any idea what has happened to
Mike Smithsons site, political betting? I cannot open it. VMT

anthonynorth said...

No mobile storage devices, eh.
Does this mean they'll have to leave their brains behind, too?

Before someone answers, I know.
What brains?

once a civil servant person said...

There was also once a rule that no cameras were allowed to be taken into government buildings. If that rule still exists then lots of mobile phones will have to be left with security at the front door!

Fahrenheit said...

It's a farce. My Dept has ordered a total ban on taking laptops, PDAs, memory sticks etc out of the building until they are encrypted. Even if they have NO personal or sensitive data on them.

Even worse is that if you happened to be working from home (as we are encouraged to do) the day that policy was announced, you aren't allowed to bring your laptop back in!

It has to sit at home until a member of IT can rush out to you and encrypt it - only then are you allowed to travel back to the office with it.

The only trouble is, they have no idea how to do it, what encryption standards they need to follow, or how long the entire thing is going to take.

Looks like I might be working from home for a while...

Casual observer said...

If they can't take their mobiles out of the office, why do they need them in the office when every desk has land line phone on it?

komadori said...

That total ban that Fahrenheit mentions has now extended to all government agencies. Not just that, but also to any contractors working for them.

“This instruction also applies to personal laptops and USB/Data sticks which may hold [Government Agency] data, including those used by consultants under contract to [Government Agency] who have access to [Government Agency] systems or data.  Such computers/devices may continue to be used in [Government Agency] premises, but cannot be removed unless an encryption tool such as [proprietry encryption product] meeting the FIPS 140 standard or equivalent, has been installed and activated….

“Contractors may continue to use their own privately-owned equipment provided they comply with the encryption policy. Such staff are required to email [the Data Protection Officer] with details of any relevant equipment and confirming its compliance with this policy by close of play on [x]th February 2008. If this is not possible, the computer or device must be left in secure [Government Agency] office premises or have all personal data deleted permanently by the same deadline. Contractors wishing to continue to use their own equipment will be expected to bear the cost of ensuring its compliance themselves.

“Access to [Government Agency] through [webmail] or via key fobs on home computers will still be permitted, but staff are prohibited from downloading any information to their computer that would be deemed personal data”