Home Office loses 84, 000 personal details.
In the Home Office’s infinite wisdom they sub contracted out the handling of the personal details for 84,000 prisoners to the company PA Consulting.
As the name, PA Consulting, implies, they are a consulting company who do a lot of general consulting-PR-consultancy-kind of company, who the government just seem love, its all very vague, but they provide really nice reports on very high quality paper.
PA Consulting were in possession of the 84,000 details for their consultancy/processing role. The data was, allegedly, “stored securely”, however the data was then copied onto a USB drive, which has since been lost.
The two very obvious points are:
- Its not secure if you can just copy off data.
- If data need to be copied off, why was it not put on an encrypted media? Stopping this sort of data loss is not rocket science.
Also, how many other times has data been copied off and stolen, rather than lost? This loss has been reported, but somebody have produced a previous copy and then duplicated that, therefore leaving no evidence of there being multiple copies of data?
Do PA Consulting have records for logging/preventing people copying data to USB drives? Almost certainly not as they had no other security on the system.
There are well documented methods to secure servers, securing removable media, and methods to try and prevent people from stealing data or companies losing data.
Despite the methods and options available, the government fails, time and time again, to address the data loss problem.
The question of “How much data loss is too much?” needs to be asked yet again.
Sadly, it is unlikely to be this latest case of data loss, with just 84,000 records (and only of criminals) is likely to tip the balanced. Especially compared with the loss of 25 million records of families which had no real effect on the governments data security.
To quote PA Consulting, “Clients call us when they want….counter-intuitive thinking and ground breaking solutions”.
They are right its pretty counter intuitive thinking to allow 84,000 records to be stored unecnrypted, unsecured and not logged.