Computer Weekly bloggers have questioned whether government
actions to eradicate data losses is making any progress, following
today's
loss of 120,000 criminal records.
CW Blogger
David Lacey is a security consultant and former chief
information security officer at Royal Mail. He said the breach
illustrated the challenge of eradicating bad security practices
across Whitehall. "Massive publicity and waves of security reviews
have clearly not made sufficient impact on day-to-day operations.
We need to take a whole new approach to security culture," David
Lacey wrote.
It is also worrying the contractor that lost the data was PA,
said CW Blogger
Toby Stephens. "PA Consulting did the lion's share of planning
for the National Identity Scheme. Its staff has been immersed in HM
Government Information Assurance procedures for some years now, so
the very existence of an unencrypted memory stick with that data on
it is inexcusable," wrote Toby Stephens.
In his
risk management blog, Stuart King pointed out that PA should
use encrypted memory sticks. "Encrypted USB sticks are a little
more expensive than standard devices but readily available," said
Stuart King.