By Nick Heath, 19 February 2008 17:43
NEWS
The government has admitted almost 200 laptops have been stolen from various departments, including the Ministry of Justice (MoJ), since 2001.
The figures for phone, laptop and PDA loss and theft across government departments reveal the MoJ has had 135 laptops and 56 mobile phones stolen, with a further 34 laptops and 116 phones gone missing since 2001.
It was disclosed that other department losses since 2001 stand at:
- Department for International Development: 29 laptops stolen and three lost, two PDAs stolen and 18 mobiles stolen and nine lost.
- Northern Ireland Office: Five laptops stolen, two PDAs stolen and six mobile phones stolen and 20 lost.
- Department for Communities and Local Government: 28 laptops stolen and four mobiles stolen and one lost.
The figures were revealed in written parliamentary answers to questions by Brent East Liberal Democrat MP Sarah Teather who queried laptop, mobile phone and PDA losses across government departments.
An MoJ spokesman defended its record on laptop security, saying laptops were inherently in danger of being stolen.
He said: "Laptops are high risk items, being portable and high-value, and therefore more likely to be stolen than PCs. Specific security guidance is provided to staff using laptops. We have robust measures in place to protect the physical security of the department's IT assets and these measures are kept under constant review."
Security A to Z
From antivirus to zero-day, click here for silicon.com's alphabetical guide to security. 
He said nearly all MoJ laptops are now being encrypted in the wake of the Whitehall-wide ban on the movement of unencrypted data imposed following the Ministry of Defence data loss last month that resulted from a stolen laptop.
The MoD said it could not supply figures for the total number of laptops until a review into losses by the MoD is carried out.
Previous figures have shown the MoD has lost 347 laptops since 2004 and Defence Secretary Des Browne admitted that three MoD laptops containing around 600,000 details of servicemen and recruits have been stolen since 2005.
Although the laptop thefts and losses in the public sector appear high, security experts claim the situation is just as bad in the private sector.
Chris McNab, technical director with security firm Trustmatta, said: "These thefts and losses are something that is happening across the board and you are seeing roughly the same figures in the public and private sector. This stuff has always been happening but it has been publicised far more in the last six months."
Comments
There are 9 comments. Join the discussion
1. Karen Challinor
so this is normal
"Data breaches: No more than normal"
and the ICO still won't be given any teeth
and no one will be sacked for this
and nothing will change except data may be encrypted in future but the level of losses will remain the same
and you and I will continue to pay for this ineptitude and incompetence with our taxes
2. Karen Challinor
"Although the laptop thefts and losses in the public sector appear high, security experts claim the situation is just as bad in the private sector"
I used to work for a multinational company with offices worldwide, all the senior staff had laptops from the CEO down to department managers
a few were accidentally dropped and broken, a few fell foul of misplaced coffee mugs but not one went missing in all the years I was there, and believe me I would have known if one had
if only because the grapevine would have been on fire about the punishment meted out to the unfortunate who "lost" their laptop
so "security experts" can claim what they like, I'll rely on my experience
3. Matt Fisher
As if these figures aren't scary enough, I notice that there is no mention of how many portable hard drives (USB sticks, flash drives etc) staff from the government have lost since 2001.
Seems a safe bet that it would be higher than the figures for either laptops or mobile phones.
And any guesses as to what data might have been contained on those USB sticks?
4. BillK
If these laptops were encrypted and secured so that they were unusable by non-employees, then the 'losses' and 'thefts' would drop dramatically.
Do these managers live in a different world?
5. Lynton Stewart-Ashley
When will the Government and Private Organisations realise that carrying confidential data around with them is like playing Russian roulette with their reputation and their bottom line (Private) and our exposure to the criminal fraternity (Public & Private). Using an Encryption Solution removes the bullets from the gun.
In the US they have a law on disclosure - which boils down to - if it is encrypted you do not have to disclose what is therefore just the loss of a laptop, however, if it is not you must disclose and place yourself in the firing line for class action law prosecutions. The FSA hands out punitive fines when data is lost in the financial sector. When are we going to see the same action taken against other non-Financial Organizations and the Public Sector for the same lapses in good business practice and what amounts to a failure to provide a service that is 'fit for purpose'.
You would not run a laptop without anti-virus or a personal firewall these days, so why in business have we been so slow to utilise the readily available encryption solutions out there. I recommend that everyone from the CEO or Prime Minister downward should ask these one questions when next taking his or her laptop (or data storage device) out of the office – does this contain information deemed private – if the answer is yes, then if it is not encrypted leave it locked away in a safe place.
6. Haydn Rees
There are a couple of "must-haves" for any upgrade of the Data Protection Act.
DPA becomes serious Criminal Law.
1) A named Data Custodian in every department covering all data an organisation holds (Director level role with the power to enforce, and the liability of going to jail if the organisation breaks data protection law).
2) If you pass data outside the organisation, and it is used appropriately, your DC goes to jail.
3) If you don't disclose a breach the moment you find out, your DC goes to jail.
This is a chance to create the sort of "White Hat" Technical Security Sector (probably regulated by the CESG) we will need to keep all the Critical Infrastructure and Personal Data being put onto the Internet secure.
7. Guy Reynolds
My experiences are similar to Karen's, having worked for SMEs and big mulitnationals. Yes people have accidents and drop and spill things, but I know of only one instance where an item of company property was lost or stolen be they mobiles or laptops.
In the instance I know of the person concern had taken reasonable precautions, the laptop and mobile were in an unmarked bag, in a cupboard in a locked house, unfortunately the house was burgled and ransacked whilst they were out at a wedding.
If there are consequences resulting from loosing company property and staff are aware of them they act accordingly.
8. Chris Goodman
Until a public servant is made financially responsible for lost equipment in his or her custody with an automatic swinging penalty there will be little or no real interest in "their government status symbol". And stolen is not an excuse, stolen only happens when security is neglected.
9. Don Tregartha
Take the laptops off them. Make them stay on in the office to finish the job, then they can go home with the data safely locked down on the server.
Or maybe I'm missing something here?