In interviews on Friday [10 October 2008] the BBC asked me whether the possible loss of sensitive, unencrypted data on armed forces personnel, as a result of a missing portable hard drive, was the fault of the MoD's main IT contractor EDS. I said not necessarily - it's unclear whether the MoD should be, or needs to be, passing sensitive government information into pass into the hands of private contractors.
It's remarkable that the MoD doesn't stipulate encryption for portable data stored in secure offices.
It's also remarkable that departments - not just the MoD - seem not to put any limit on how much government information - citizen information - they allow to be transferred to outsourced private companies. One question MPs should ask ministers is: how much control does the government have over the outsourced information held on millions of us? The government's honest answer should be: "We have no idea."
So much for internal audit. So much for the Data Protection Act.
Links:
Our interview with MoD over EDS missing hard drive - IT Projects Blog, 13 October 2008
EDS again? - Stuart King's blog
EDS loses personal details of 5,000 prison staff - Computer Weekly
Private data on armed forces goes missing - Silobreaker
