Contractor EDS has lost the personal details of thousands of
prison staff working in England and Wales in the latest data loss
fiasco for the government.
The details were held on a hefty 500Gbyte hard drive and would
be highly sensitive if they ended up in the wrong hands. Not only
would staff be potential victims of identity theft, they could also
be targeted for reprisals by criminals that have passed through the
prison system.
Justice secretary Jack Straw (pictured) has ordered an inquiry
into the data loss, which involves up to 5,000 prison staff. The
hard drive is said to have gone missing in 2007, but the prison
service was only told of the loss two months ago.
Straw is angry that he was only informed of the problem last
weekend through newspaper tip-offs. The Ministry of Justice
believes the missing data remains "somewhere on EDS premises".
EDS has not commented on the disk's likely whereabouts.
Straw said, "I've ordered an urgent inquiry into the
circumstances and the implications of the data loss and the level
of risk involved.
"I have also asked for a report as to why I was not informed as
soon as my department became aware of this issue."
Andrew Clarke, international senior vice-president at Lumension
Security, said, "It's a sorry state of affairs when newspapers are
informing the government of a data loss. It's extremely worrying
that the justice minister remained blissfully unaware of this
latest situation. How many more does he not know about?
"The only way to prevent data loss from removable devices is to
take control of inbound and outbound data from all endpoints and
encrypt it."
The loss is the latest in a string of high-profile incidents to
have affected government departments. The losses come as the
government prepares for the impending roll-out of its national
identity card scheme, with foreign nationals the first to be issued
with cards in November.
Privacy campaigners said the data losses demonstrated the
government could not be trusted to keep citizens' data safe on a
national identity card database.
Government data losses >>
Organisations failing to secure consumers' personal data
>>