Home Office "does not always encrypt personal data before transferring it by disc"
- From: James Hammerton <jah.usenet@xxxxxxxxxxx>
- Date: Sat, 27 Sep 2008 19:39:53 +0100
In recent years there have been numerous stories of CDs, memory sticks, laptops, hard drives and other devices storing large amounts of data going missing or being stolen from government departments and public bodies, and to be fair also from private organisations as well, though a recent newspaper report suggested data was twice as likely to go missing from public bodies than from private organisations (http://www.telegraph.co.uk/news/2236425/Confidential-information-twice-as-likely-to-be-breached-by-public-sector-than-private.html).
To a degree it is inevitable that the loss of data storage devices will occur. Modern technology is such that a 4GB memory stick fits easily into the palm of my hand. This would easily hold the child benefits database which was downloaded to two CDs that went missing in the post.
Simple human fallibility dictates that from time to time someone will mislay a CD or a memory stick, or leave their laptop in a taxi or on the train, or that items will go missing in the post. Large organisations that regularly transfer data or regularly let their employees take laptops on journeys with them will thus inevitably see some losses as a result.
The loss of such devices would not be so worrying if the data was encrypted. It seems to me that a policy of always encrypting data on CDs, memory stick or laptops would significantly reduce the risk of the data being stolen, or lost data being misused by those who find it. Of course that risk would not be completely eliminated, but it would mean that anyone without the password to decrypt the data will have to work hard to decrypt it, with no guarantee of success.
Yet it transpires that Home Office policy is that they do *not* always encrypt perosnal data that is being transferred by disk (http://www.magnacartaplus.org/news/wp-admin/post.php?action=edit&post=212).
Surely, after years of seeing data go missing via losing CDs and other storage media from numerous government departments, including the Home Office itself, it is *negligent* to allow it to be transferred in plaintext form via such means?
Bear in mind that there are many encryption products available, including good open source products, and our own government's hi-tech snooping agency, GCHQ, were instrumental in the development of public key cryptography, so it's not as if it is difficult for the government to get hold of the means to encrypt such data.
James
.
- Prev by Date: Re: British man shot at by Israeli Navy
- Next by Date: Re: First ID cards roll out
- Previous by thread: Two More Big US banks set to fail
- Next by thread: Re: First ID cards roll out
- Index(es):
Relevant Pages
|
