Government suffers average of one data loss per week
The government has suffered an average of one data loss incident per week over the past year.
On the anniversary of the HMRC data loss incident, where two CD-ROMs were lost that contained the personal details of a reported 25 million people, the government is still proving it is unable to protect data.
Parliamentary findings reveal that 53 computers, 36 BlackBerrys, 30 mobile phones, four memory sticks and four disc drives have been lost, with the Department of Health losing a total of 14 laptops.
Gary Clark, VP EMEA at SafeNet, said: “It goes without saying that it's been a catastrophic year for data loss across government. Over the past 12 months the public has been left vulnerable because of the lackadaisical approach to protecting data.
“Any organisation that handles sensitive information about the public has a responsibility to protect it. This doesn't mean there should be a total lockdown on the transfer and transportation of data – the proliferation of mobile devices and popularity of mobile working would make this impossible.
“Instead the government needs to focus on protecting the data itself by making sure it cannot be accessed by anyone outside of the department to which it belongs.
“When it comes to the Government, we should be able to trust that stringent practices are in place to secure our personal data. These should include identifying process weaknesses, adopting robust security standards and encrypting all sensitive data.”
Greg Day, EMEA security analyst at McAfee, said: “This is a combination of every story from the last few months – losing laptops, USB sticks, BlackBerrys, documents on trains – to me the story is not a new one as security is generally getting worse, and we are getting used to this news.
“What we need to look at is asking what data is on the devices, what impact and risk will be felt if it is lost and was the data safe? What I have found to be pleasing is to have found that the data was safe and that has got to be good news.
“In time we will look at if a device is lost we will look at it from the angle of did it have information on it, and if so was it encrypted, and if so, how is it being managed? We are moving away from this and looking at how we tackle the problem.”