Over time, I will add items that might help you to make up your mind. And then please make your voice heard at the website:
http://petitions.pm.gov.uk/
6th Feb 2008 NHS has lost thousands of smart-cards
http://www.itpro.co.uk/news/163317/nhs-has-lost-thousands-of-smartcards.html
Data thefts and losses in the UK - Timeline
http://www.itpro.co.uk/news/158184/data-thefts-and-losses-in-the-uk-timeline.html
UK information commissioner warns of data loss
UK has seen an "alarming number of security breaches" in the last six months
Computerworld UK staff, Computerworld UK
25th April 2008
The UK has seen an "alarming number of security breaches" in the last six months involving public sector, private and charity organizations according to Information Commissioner Richard Thomas.
There have been 94 serious data breaches reported to the Information Commissioner's Office (ICO) in the six months since HM Revenue and Customs lost two CDs containing 25 million records of child benefit recipients.
Public sector was the worst culprit, experiencing 62 breaches in the past six months. Almost a third of those occurred in Whitehall and its agencies, and a fifth happened in NHS trusts.
In the private sector, which had some 28 incidents, financial firms were responsible for half of security breaches. HSBC was one high profile culprit. Retailer Marks & Spencer was another. In January the Information Commissioner gave it two months to encrypt all its laptop hard drives. This followed the theft of an unencrypted laptop which contained the personal information of 26,000 M&S employees.
Thomas said it was "disappointing" that the HMRC breaches calamity had not stirred other bodies to prevent "unacceptable security breaches."
"The government, banks and other organizations need to regain the public's trust by being far more careful with people's personal information. Once again I urge business and public sector leaders to make data protection a priority in their organization," Thomas said.
Information that has gone missing includes unencrypted laptops and computer discs, memory sticks and paper records. Data has been stolen, gone missing in the post and whilst in transit with a courier. The material that has been lost includes a wide range of personal details, including financial and health records.
In 16 cases the ICO has required the organization to make procedural changes to improve data security, such as encryption. In three instances the lost information has been recovered.
The Commissioner's findings coincide with the release of the 2008 Information Security Breaches Survey, which was conducted by Price Waterhouse Coopers on behalf of the Department for Business Enterprise and Regulatory Reform.
The survey revealed that 78 per cent of those surveyed reported having a laptop stolen where the data on hard drive was not encrypted while 13 per cent had detected unauthorized outsiders within their network.
Andrew Beard, director of PricewaterhouseCoopers, said: "It's easy for companies to become complacent but they must consider their duty to protect users in the long term future."
Boots security worker loses data on 34,000 people
Posted by Nicole Kobie at 3:06PM, Wednesday 23rd April 2008
Data tapes stolen out of security subcontrator's car included banking information related to the firm's dental plan.
Boots is the latest UK organisation to lose customer data - but this time, it was from the hands of a security subcontractor.
The high street chemist chain has today admitted losing 27,000 customer records and 7,000 employees details related to their dental plan. The information included bank account details, as well as names and addresses.
The data tapes were stolen from the car of a security subcontractor on 3 April in Bristol. Police and the Financial Services Agency are investigating, and the Information Commissioner's Office (ICO) has been notified. The FSA has previously issued massive fines for such breaches, including a £1 million fine to a building society for a lost laptop.
In a statement, Boots said it takes data protection "extremely seriously," and that fraud was unlikely to occur because of the nature of the stolen data. "We would like to reassure our Boots Dental Plan customers that because of the type of data tape that was stolen and the way the information was stored it is highly unlikely that any personal data could be accessed or misused."
Boots added that all the affected people had been notified. The news comes as the Bank of Ireland today admitted losing four laptops contining details pertaining to 10,000 customers.
The breaches are just two in a long string of UK losses.
The ICO said yesterday that nearly 100 such incidents had been reported to it in the six months since HM Revenue and customs lost records for millions of people on two discs.
Ministers in dock after massive loss of UK prisoner data
Yet another government data bungle
Mike Simons, Computerworld UK Friday, 22 August 2008
Minsters are squirming this morning after the details of 84,000 prisoners in England and Wales were lost.
The data was supplied by the Home Office to contractor PA Consulting but was transferred, unencrypted, to a memory stick and subsequently lost.
The Information Commissioner has described the loss as "deeply worrying." "Searching questions must be answered about what safeguards were in place,” said David Smith, deputy commissioner at the ICO.
The missing memory stick includes un-encrypted details for about 10,000 prolific offenders and data on all 84,000 prisoners in England and Wales.
PA Consulting told the Home Office on Monday that it feared it might have lost the data and confirmed the next day that it could not locate the memory stick. No more data will be transferred to PA Consulting during the investigation into the loss, the Home Office said.
Philip Wicks, a security expert at IT services firm Morse, said, “This case highlights the fact that it isn’t just laptops that you need to secure to protect against data loss in the event of them being lost or stolen.
"Organizations need to ensure they have controls in place to protect the data on memory sticks, and other removable storage devices such as iPods and discs, so that if they are lost and end up in the hands of criminals the data can’t be used for unscrupulous purposes."
Wicks said that there seemed to be “a culture of letting anyone download anything onto a memory stick.”
He called for a reversal of this approach so that downloading was forbidden, unless people who absolutely needed data on portable media could demonstrate that the information would be held securely. “If this is done, data security will be vastly improved,” he said.
PA Consulting has not so far commented on the data loss.
| Personnel records stolen from MoD |
http://news.bbc.co.uk/1/hi/england/gloucestershire/7639006.stm
| Teachers' details on missing disk |
The General Teaching Council (GTC)'s letter to teachers said it went missing after being sent from Rotherham via Parcelforce to its Birmingham office.
http://news.bbc.co.uk/1/hi/england/west_midlands/7636822.stm
