Davey Winder's Blog

The strange tale of a ladyman and your data

By Davey Winder in Editorial

Posted in Data Protection, Blog, Security on December 18, 2007 at 12:06 pm


Here we go again.

This time it is the Driver and Vehicle Agency in Northern Ireland that has been playing fast and loose with your data, or at least that of some three million would-be drivers whose details have gone missing. This time the data disappeared not in transit between a couple of government departments in the UK, but somewhere in Iowa, apparently. According to a statement by the Transport Secretary, Ruth Kelly, the data was sent electronically to an outfit called Pearson Driving Assessments in Iowa, US (one has to assume for processing purposes), and the hard drive containing the names, addresses and telephone numbers of those applicants was then passed off to someone at some company (the details are far from clear as to who or why) in another state before getting lost either on the way back or on arrival in Iowa.

It should come as no surprise that all this happened back in May, or that the government knew about it in June when the then transport minister was informed but deemed it not important enough to worry the public about. The transport minister at the time was one Stephen Ladyman, which is ironic because I always think of Ruth Kelly as being something of a manlady. However, that’s another story entirely.

Back to the main plot then.

Once again this has to come not so much as a wake-up call, but rather a bloody great slap in the face, for any business which handles data to get their finger out and ensure they have a proper policy in place for the encryption of that data whenever it is being moved. If the government had considered our personal information valuable enough to encrypt before throwing it in the internal mail system or chucking it at some company in Iowa, then there would have been much less of a scandal to get heated about. Yes, we could have got hot under the collar about process and procedural failings, but at least the data would have been worthless to whoever it ended up with.

That said, the whole ‘use encryption you idiot’ debate does throw up another interesting aside: what happens if you lose the key that unlocks your own data?

Geoffrey Finlay, CEO of nCipher, puts it quite nicely when he says “encryption is a powerful tool, but getting it wrong can at best result in a false sense of security and even worse leave data scrambled for ever - the equivalent of a corporate document shredder. A well-planned deployment of encryption, supported by strong key management and access controls will eliminate further HMRC, DVA and Driving Standards Agency catastrophes and result in better protected data that is available to the right people at the right time. The idea of end-to-end encryption may still be a long way off but cryptography is increasingly playing a vital role as the last line of defence.”

And that means both encryption and key management have to be a must-have for all organisations with sensitive data, end of story…

Comments

Comment by Nick Kotarski - January 28, 2008 on 8:54 pm

I just can’t get over how sloppy these guys are with our confidential details. Are they totally clueless? I suppose that the answer is: yes they are totally clueless.

The level of access that junior staff have to the whole shooting match is beyond belief.

Laptop drives should be routinely encrypted if they contain confidential data and not left in cars overnight.

Access to data should be segmented so unless there is a good reason one person can’t get at it all. This is what happened in health centres because systems were not linked. But not once the new NHS system is working.

Madness.

Interesting question. If an encrypted disk develops a fault, is it possible to recover any files? Or is it, as you say, a document shredder?

Nick
