In January 2008 the Ministry of Defence admitted that a laptop had been stolen.
The laptop, which like so many other cases of data loss was not encrypted, contained the personal records of over 600,000 defence staff.
Following an investigation into this data loss the MoD found that two other laptops had been stolen, neither of which were encrypted. As a result the head of the Civil Service has told Whitehall staff not to remove laptops with sensitive data from their offices. If there is no need to remove laptops from the office, and they contain sensative information, why is the data even on laptops? Why are these staff issues laptops that are not supposed to be taken out of the building? why not issue the staff with desktops which are secured to the desk/floor, in a secure MoD building? Even better, why is encryption not used as standard?
This data loss followed on from numerous other instances of data loss, including the NHS data loss and the now infamous case of the HMRC losing data (the HMRC data loss, which was subsequently slated in numerous reports). All of these data breaches were avoidable by basic common sense, despite this the MoD theft of a laptop still occurred and the government have still not learnt their lesson and there have been two more cases of data loss, due to a lack of encryption. The first is the loss of a “terror file“, the second is the loss of another laptop.
In June 2008 a report into the MoD Laptop theft by Sir Edmund found that the loss was due to variety of issues, but mainly failures within the MoD. The report blamed the “”rapid and often uninhibited exchange of information”, and the fact that the MoD has lost its “cold war” mentality towards security. The full MoD Report by Sir Edmund Burton is avaible for download.