Another data loss, another lax response

When TV crews went into the offices of PA Consulting in London last week the staff looked as if they thought they were in the midst of an...

When TV crews went into the offices of PA Consulting in London last week the staff looked as if they thought they were in the midst of an armed raid.

They might have hidden under their desks if not for the security people at PA, who showed they were in control: they put their palms on the lenses of the TV cameras.

But the TV crews were performing a public service. A member of PA's staff had lost a memory stick with, for instance, the names, addresses and dates of birth of 33,000 criminals - data from the Police National Computer. The TV crew was holding PA to account - something the Prison Service, Whitehall and the government probably will not.

All ministers have done is reflexively order a review of PA's contracts - which will not have the company's executives reaching for Prozac.

It appears that the government is hoping that by the time there is another big data loss, the public will be desensitized to them. Data losses are becoming a habit. Many people will not even care that an IT manager, Andrew Chapman, bought a server on eBay which had the details of one million people who had given personal information to the Royal Bank of Scotland, Natwest Bank and Amex: it is a side-effect of the technological age.

The lack of interest in IT security by the general population is not a reason for corporate complacency. Indeed, the antidote to organisational carelessness is a fine so large it gives companies and their outsourcing suppliers a financial reason to be paranoid about keeping private information private. The Financial Services Authority has already fined Nationwide nearly £1m after a laptop containing customer data was stolen.

It is different in the public sector. PA Consulting works for the Home Office. So the supplier will probably be rapped over the knuckles with a feather duster and perhaps the only change it will be encouraged to make is to secure PA's reception area against TV crews that do not have an invitation. So much for learning from mistakes.

This was last published in September 2008



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.