Does the old adage, Once Bitten Twice Shy, work for the UK government, in respect of data theft?
Data theft and data loss, unfortunately, occur all over the world, its just a fact of life.
However it is important the “data loss” is differentiated from from “data theft”. Data Loss is when somebody misplaces or loses data, with the potential to give others access to it. Data Theft, on the other hand, is when an individual, or group, deliberately defeats security systems to take the data. One is leaving your wallet on a train the other is being mugged. We should never do the former and try to prevent the latter.
The UK government has a different approach to data security. Don’t do anything about the former and ignore the latter.
In the rest of the world Governments seem to learn much faster.:
In Finland the Government did not provide enough protection of data and as a result worked to make changes, but despite this were still found guilty in the ECHR, and so even more changes are afoot.
In Korea when data was stolen the police are immediately called and appear to take action.
In Germany the government conducts proactive investigations to try and find out how much personal data is out there. Then, based on this information, then tries to clamp down on the data loss/theft
The UK, who s appears to be losing more data more often than any other government, is not doing very much at all.
So, how many times do the UK Government need to lose data, fail to protect it, or allow the trade to go unpunished before action is taken? Obviously much more than twice!