Another disgraceful tale has been sent to us by a supporter which can drop straight into our 'Losing Data' category tag.
From the Barnet and Potters Bar Times:
Personal details of 9,000 school pupils has been stolen from the home of a Barnet Council worker, it has been revealed.
Twenty unauthorised and unencrypted CDs and memory sticks with details including names, date of birth, addresses, phone numbers and school attainment were taken from the house a fortnight ago.
An encrypted council laptop was also taken in the raid, which council officials say was not targeted but a random burglary.
First question: what was this sensitive data doing sat on a council worker's kitchen table?
Second question: why were the CDs and memory sticks unencrypted?
If one reads the full article, it is hard not to praise Barnet for their speedy actions in trying to rectify the problem.
But the episode does add further weight to the points we made in our recent report into medical records: namely that the state does not treat our personal data with anything near the respect it deserves, and the more people with access - the more likely it is to get lost.
By Dylan Sharpe
HT: DM
>This should not be a case for concern relating to safeguarding.
How can the Chief Executive make that assertion? He's no idea who took the data, or what they intend to do with it. The *probability* is that nothing will happen with it, but that's really for individuals to assess.
>We shut down every software device, USB drive and CD copiers
What's a "software device"? A program? So, they shut down every program? Unlikely, to say the least. What about email, etc?
>could not be hacked by the thieves because it had a double password and conformed to government guidelines.
Does it have whole disk encryption or not? Basicallt that's the question. Double password of "password" and "iloveyou", no doubt. Again, not offering any comfort.
Until this kind of behaviour becomes a gaoling offence, we'll continue to see the same thing again and again. If this person has been keeping a bank's money at home, he/she would be in court.
But, as it's "only" data on children, who have no say in the matter, it'll be *at worst* a firing offence - so he/she'll we get another job and everyone goes back to business as usual - i.e. spraying out public data around liberally and telling us not to worry our pretty little heads.
Posted by: V | 31/03/2010 at 11:01 AM
For all we know the discs could have been lost rather than stolen and a story concocted to cover it.
*Why* does each child have a unique identification number and a comprehensive database entry? What happens to this record and who has access to it?
Posted by: Gareth | 31/03/2010 at 12:49 PM
Seems like they went to a lot of effort to get data not worth worrying about to their home, for no apparent reason
Posted by: FedUp | 31/03/2010 at 02:50 PM