The Ministry of Defence today announced that a laptop containing the personal details of 600,000 people was stolen 8 days ago from the car of a Royal Navy officer in Birmingham. The details include bank accounts, national insurance numbers, medical details, driver's licence and passport numbers and related to individuals who had expressed an interest in, or joined, the Royal Navy, Royal Marines and the RAF. Not all of this information was held for all the 600,000 individuals. But it's not just the data that is at risk; the personal safety of individuals may also be compromised.
How stupid can it be that the data on 600,000 people can be downloaded on to a single laptop! Especially after the HM Revenue and Customs debacle earlier in the year. Like the HMRC data, the MoD data wasn't even encrypted! It is, to say the least, surprising that an individual is permitted to walk off with all this personal data and just leave it in the back of his car. It would also seem to be inconsistent with Data Protection legislation that information on people who only enquired about joining up is still on MoD computers 10 years later; this must breach the DP requirement of relevance. This episode points to the MoD probably breaking 4 of the 8 "common-sense rules known as the Data Protection Principles".
Foreign Secretary David Miliband said: "I wish we could all find it easy to legislate against people leaving their laptops in cars at night, but of course that isn't the way one can do things." The issue, David, is that this amount of personal data shouldn't be allowed to be downloaded onto a laptop in the first place! Surely that's something that is easy to legislate against? Anyway there is legislation - there's the Data Protection Act.
Foreign Secretary David Miliband said: "I wish we could all find it easy to legislate against people leaving their laptops in cars at night, but of course that isn't the way one can do things." The issue, David, is that this amount of personal data shouldn't be allowed to be downloaded onto a laptop in the first place! Surely that's something that is easy to legislate against? Anyway there is legislation - there's the Data Protection Act.
This says it all about the level of data security at the MoD and especially how cavalier they seem to be when it comes to personal data.
Needless to say the MoD is "treating this loss of data with the utmost seriousness"; pity they couldn't treat the protection of this data with similar seriousness! You can bet that no individuals will be held responsible for this cock-up; like every other disaster it too will be put down to "systemic failure".
It has subsequently emerged that the MoD has lost about 500 laptops in the last 10 years........ and they have no idea what information was on those 500 laptops!
Well done MoD, it's good to know our national security is in such reliable and competent hands!
Link> BBC: MoD to be quizzed over lost data
Link> MoD: MOD confirms loss of recruitment data
Link> BBC: MoD to be quizzed over lost data
Link> MoD: MOD confirms loss of recruitment data