More data lost
Posted by Mark on Oct 10, 2008
This time we hear that a contractor has lost a portable hard drive containing 1.5 million records of military personnel, and that it was not encrypted.
Presumably, with the economic crisis being a “good time to bury bad news”, not a lot will happen. Will we ever get the answer to the one rather simple question about what happened?
What on earth was anyone doing copying 1.5 million service records on to a portable hard disk?
There is no good reason for this; it is just plain sloppy and careless. Remote and secure data access has been with us for many years. Yes, there can be problems, but these can usually be detected quickly rather than waiting for someone to notice that a disk has gone awry.
There are questions about why the data was not encrypted and why the device was not secured, but the only real question is why the data was transferred to it in the first instance. There are so many ways to allow secure access to data that don’t require the use of portable hard disks.
The loss became apparent during an “audit”. Was this a scheduled audit or the result of some suspicion that all was not well? Either way, it appears that it is acceptable for data to be mishandled and then for there to be a delay until the problem is noticed. Is there no ongoing checking and monitoring?
It is probably time to ban removable data storage devices from all areas of government until some sense is learned. We had this with the Zip disks at the Los Alamos labs a few years back: people using removable storage media without any control resulted in China possibly taking a great leap forwards at the expense of the West. Now we in the UK seem to want to follow suit.
An alternative would be that we just publish everything about everyone; then we can employ all the “numpties” we like to take care of things, as it will no longer matter. Failing this, some accountability is needed rather than lame excuses and sweeping things under the carpet. If the contractor cannot do the job, then change them or just stop giving them access to data in such an uncontrolled way.






