Sensitive personal data keep on being lost in the UK

By EDRi · January 30, 2008

(This article is also available in German)

Many documents containing confidential data, including benefit claims,
passport photocopies and mortgage payments, were found lost on a roundabout
near Exeter Airport in Devon, UK, on 17 January 2008.

Mr Karl-Heinz Korzenietz, the finder of the documents, told BBC News: “I
thought first of all it was rubbish. But when I looked at the papers I
discovered they were highly sensitive. I was shocked and surprised that
sensitive papers like this would just be lost like that.” Mr Korzenietz
also said that this was the second time he had found documents of this kind.
On 6 November he found another set of similar documents, which he handed over
to the Royal Mail depot in Exeter, which in turn returned them to the carrier
TNT. However, TNT said it was unaware of any missing data and stated that it
was not the only company providing services to the government.

The Ministry of Defence (MoD) has also disclosed the theft on 9 January
2008, from a Royal Navy officer, of a laptop containing details of more than
600 000 people, including Royal Navy, Royal Marine and RAF recruits as well
as other people wanting to join the services. The MoD has approached the
security and intelligence agencies and, although the Joint Terrorism
Analysis Centre considered the threat to be low, the ministry contacted the
banks and individuals whose data were in the missing database. The data
included passport information, family details, national insurance numbers,
driving licence details and even medical information.

According to the Conservatives and Liberal Democrats, the theft raises
further concerns about the government’s plans for identity cards, since the
government would have to convince the public that it could safely manage the
identity card system.

These two incidents continue the series of personal data losses that have
recently occurred in the UK. In October 2007, two discs containing an
unencrypted copy of the entire child benefit database were lost in transit
between HM Revenue and Customs and the National Audit Office. In December
2007, a hard drive with a driving theory test database containing details of
3 million candidates was lost in the US, and at the beginning of 2008
personal details of hospital patients were lost by the NHS.

Conservative MP Chris Grayling said: “You would have thought after the child
benefits fiasco every department would have doubled and trebled their
efforts. The fact that this hasn’t happened is incompetence of the highest
degree.”

On 10 August 2007, the House of Lords Committee on Science and
Technology published a report on “Personal Internet Security” recommending a
Security Breach Notification law that would require companies that leak
personal data to notify the people concerned. Unfortunately, in October
2007, the Government turned down the Committee’s recommendation.

Richard Clayton, specialist adviser for the Committee and an EDRi-member of
the Foundation for Information Policy Research, commented: “What’s needed of
course is a security breach notification law, so that everyone (not just
Government departments as here) is forced to notify people when they lose
personal data AND forced to notify a central clearing house, so that
researchers can start to build up patterns and observe commonalities, so as
to better advise the holders of personal data what they — as a group — are
doing wrong.”

The Defence Secretary, Des Browne, gave a statement to the House of
Commons on 21 January 2008 saying that in fact three laptops had been
stolen over the previous two years. The head of the Civil Service has
now issued instructions that laptops holding sensitive personal data
must not be removed from offices.

Personal data found on roundabout (18.01.2008)
http://news.bbc.co.uk/1/hi/england/devon/7197048.stm

Recruits’ banks alerted after theft of laptop (21.01.2008)
http://www.guardian.co.uk/idcards/story/0,,2244251,00.html

EDRi-gram: UK government loses personal data on 25 million citizens
(21.11.2007)
http://www.edri.org/edrigram/number5.22/personal-data-lost-uk

Personal Internet Security – House of Lords Science and Technology Committee
5th Report of Session 2006-7 (10.08.2007)
http://www.publications.parliament.uk/pa/ld200607/ldselect/ldsctech/165/165i.pdf

House of Lords Inquiry: Personal Internet Security (10.08.2007)

Government ignores Personal Internet Security (29.10.2007)
