A
lost MOD hard drive, which contained the personal details of
members of the armed forces, did not have to be encrypted under
Ministry of Defence procedures because it was held in secure
premises, it has emerged.
The drive could contain data on 100,000 members of the armed
forces, and 600,000 potential recruits, according to reports.
Rob Fry, head of EDS Defence, told BBC Radio 5's Drive
programme, "The hard drive was not encrypted but neither did it
need to be, in terms of the protocols to which we and the Ministry
of Defence work, when it sits inside a secure site."
The BBC also interviewed a Computer Weekly journalist, about the
implications of the missing hard drive.
EDS reported the loss of the disk last wednesday, but it is not
known when the drive disappeared.
The Ministry of Defence said in a statement that the hard drive
may yet turn up at another secure site. It has conceded that the
personal information of members of the armed forces might have been
"compromised" by the loss of data on the drive.
The 1TB portable hard drive went missing from a secure EDS site
at Hook in Surrey.
MPs have criticised the loss of the hard drive, saying that a
culture change is needed to prevent personal data going
missing.
The MoD said in a statement, "On Wednesday 8 October we were
informed by our contractor EDS that it was unable to account for a
portable hard drive used in connection with the administration of
Armed Forces personnel data. This came to light during a priority
audit EDS are conducting to comply with the Cabinet Office data
handling review. The MoD Police are investigating with EDS."
A spokesman for EDS said, "Following a data audit that we
carried out under the terms of the
Cabinet Office's Data Handling Review, we have been unable to
account for a removable hard drive that was held in a secure
location at our facility in Hook. We informed the MOD on Wednesday
8 October and we are working with them to investigate this,
including to establish what data may have been on the hard drive.
There is no evidence that security at the site has been
breached."