By Nick Heath, 22 January 2008 08:22
NEWS
The Ministry of Defence has had two further laptops stolen, admitted Defence Secretary Des Browne.
silicon.com's Full Disclosure campaign - what we are asking for...
silicon.com wants the government to review its data protection legislation and improve the reporting of information security breaches in the public and private sectors.
We are calling for greater public debate and for the government to consider legislation that would require organisations that suffer information security breaches to alert their customers if there is a chance the breach has put individuals' sensitive personal data at risk.
We want to hear your views about this campaign and the issues it raises. Make your voice heard by leaving a Reader Comment below or emailing us at editorial@silicon.com.
Speaking before parliament he confessed the theft of a Royal Navy laptop containing 600,000 servicemen's and recruits' details on 9 January was not a one off - saying laptops containing similar details for a smaller number of people had also been stolen in 2005 and 2006.
Browne said Sir Edmund Burton, Information Advisory Council chairman, would investigate weaknesses in MoD security procedure and warned if these losses had breached the law the individuals would "have to live with the consequences".
He said the Royal Navy had completed its investigation into what had happened and was considering what action needed to be taken against the recruiting officer who had the laptop stolen from his car in Edgbaston in Birmingham on 9 January.
Browne admitted none of the data on the three stolen laptops had been encrypted and said the individual who suffered the laptop theft in January had failed to follow MoD data security procedures.
He said the previous thefts had been reported to the police and the armed forces but that politicians and the individuals whose data was on the laptops had not been informed.
Shadow defence secretary Liam Fox challenged Browne saying the MoD had lost 68 laptops in 2007, 66 in 2006, 40 in 2005 and 173 in 2004 asking him: "What on earth is going on?"
Fox said: "This seems like a systemic failure, not a single act of incompetence. This is a dreadful mess that the Secretary of State has unveiled."
Browne said: "It is clear there were shortcomings in security training and awareness among relevant staff. I take this theft extremely seriously. I am also keenly aware of the risk should this data fall into the wrong hands. Those in the armed forces have a right to expect their data will be properly protected. This must never happen again."
He added that Sir Edmund's review would look at concerns raised by information commissioner Richard Thomas on why a database of this size was kept on one machine.
Browne said Sir Edmund would co-operate with the investigation into the loss of 25 million child benefit details by the HMRC.
Names, passports details, national insurance numbers, drivers' licence details, information on family, doctors' addresses and NHS numbers were included on the Royal Navy laptop stolen on 9 January.
The MoD has also contacted 3,700 people whose bank details were on the machine and relevant banks have been warned.
Comments
There are 2 comments. Join the discussion
1. Roger Huffadine
So what's new? -- I bought a Compaq laptop from a car boot sale a few years ago and that had a file of 'very low level' MOD information on it - I can't remember if I erased the info or kept it - maybe I should find it & have a look.
There was nothing that could be called 'personal information' on it and nothing to breach National security - but I was shocked to find a PC at a car boot that had anything military on the hard drive.
2. Karen Challinor
I wonder which junior scapegoat ... sorry I of course mean junior office worker, is going to be thrown on the sacrificial pyre this time
putting that much live data on a portable device, while convenient, is certainly not a good idea and is on a par with putting 25 million personal details on to removable media and popping it in the post
systemic and procedural problems point to those who create and authorize the systems and procedures not to those who have to follow them
so when are we going to see some senior heads roll for these systemic and procedural incompetencies
and just to prod HMG again, when is the data protection registrars office going to get some power to enforce as well as inspect ? come to think of it when will the power to inspect be granted ? it's been 4 months since HMRC soon to be 5 or is Gordon hoping people will forget his rash promise to allow inspections ?