Reseller News

UK gov't loses personal data on 4M people in one year

Call for 'data guardians' to be appointed to monitor the government's handling of information.
  • Leo King (Computerworld UK)
  • 22 August, 2008 12:11

The U.K. government has lost the personal information of up to four million citizens in one year alone.

The astonishing figures, calculated by the BBC, added up as Whitehall departments slowly released their annual reports for the year to April.

And the trend has not stopped - in the latest revelation, HM Revenue Customs, which infamously lost the details of 25 million child benefits claimants last November on two unencrypted discs, experienced 1,993 data breaches between 1 October last year and 24 June.

Treasury minister Jane Kennedy told MPs the newly-announced HMRC breaches did not necessarily result in data losses, adding that they reflect "potential weaknesses reported by staff and not actual thefts or losses", and indicate that staff are more aware of security and reporting more incidents. HMRC said it takes data loss and security breaches "very seriously" and thoroughly investigates any breach.

Earlier this week, the Ministry of Justice admitted it had lost 45,000 people's details throughout the year, on laptops, external security devices and paper, and that 30,000 of them had not been notified. The MoJ said it had a "dedicated information assurance programme" in place to improve data security.

Before that, the Home Office announced it had lost the data of 3,000 seasonal agricultural workers on two unencrypted CDs.

In May, the Department for Transport lost the data of three million learner drivers. Other data losses occurred at the Foreign Office, which lost 190 people's data in five incidents.

In January, the Ministry of Defence said it had lost a laptop containing the details of 620,000 recruits and potential recruits, and some information on 450,000 referees for job applicants.

In march the UK government revealed over 11,000 military ID cards have been lost or stolen in the last two years, while the UK Home Office launched an investigation in February after a buyer acquired a laptop on eBay that contained a disc with confidential information.

As the government spends £12.7 billion (US$25.4) putting NHS patient health records onto a central computer, there have been a string of data losses from NHS hospitals. In June, two NHS trusts lost unencrypted laptops containing 31,000 patient records. In May, 38,000 patient records on tape were lost after being posted by the Isle of Wight Primary Care Trust.

Information Commissioner Richard Thomas recently served enforcement notices on HMRC and the MoD for their data losses, insisting they report regularly on their data handling. He also said he "welcomed" the Home Affairs Committee's report that urged the government to stop creating large databases on citizens without first proving they are necessary.

The Liberal Democrats have called for 'data guardians' to be appointed to monitor the government's handling of information. The data protection minister, currently Michael Wills, should also have a stronger influence in central government, they said.

They attacked the "depressing climate of disrespect for the security of our personal information," advocating doubling the Information Commissioner's budget and implementing stronger legislation around data protection.