UK Defense experiences fourfold rise in data breaches
When one thinks of institutions like the British Ministry of Defense, one expects tight security. Tight as in you cross us once, we expect you not to cross us twice. Apparently, things go another way, as the MoD, quoted by V3.co.uk, says the number of data breaches they have been exposed to was 4 times higher in the past year.
The Ministry’s latest resource accounts show it suffered eight serious breaches in the 2008 to 2009 period, up from just two in the preceding year. The most serious case led to the loss, from a contractor’s premises, of a portable hard disk containing the names, passport information and bank account details of about 1.7 million individuals. That’s a big blow!
Other incidents included the theft of three USB sticks from “secure government premises”, which contained details of all RAF service personnel who served between 2002 and 2008 and some of their next of kin.
And in April last year, an unencrypted laptop containing the personal records of 300 people was stolen from government premises.
The MoD admitted that it had lost electronic equipment, devices or paper documents from outside government premises on 15 occasions, and in six instances they were lost from within government offices.
We’d say it’s about time they actually did something to prevent such breaches! A private company would probably have done so 8 breaches sooner… But then again, it’s public funds, isn’t it?

UK Government says no to data breach notification law
Although the number of data breaches reported in the UK has been significant this year, the UK Government has recently announced it will not implement a compulsory data breach notification law for private-sector companies. The decision was made after reviewing a recommendation made in July by information commissioner Richard Thomas.
Public-sector organizations, on the other hand, are obligated to report any significant potential or actual data loss. Their private-sector counterparts should report losses in the spirit of “good business practice”. So if your data is exposed by a public-sector institution and only 2 others have been affected, or if a private company loses thousands of private records but does not see reporting the incident as good practice, you will never find out.
“After considering the analysis of the experience of the US in the area of data-breach notification legislation, the government is not intending to implement similar legislation to that in operation in the US,” states the Response to the Data Sharing Review Report.
Private-sector companies are not clear of all consequences, as fines for organizations found in breach of data-protection laws will soon be raised. According to the same report, the Ministry of Justice is working with the Information Commissioner’s Office to determine the level of the maximum fine.

British party membership list gets posted online
If you are British and have been plotting to stalk a member of the British National Party (BNP) you might just have missed the opportunity. A list of all the party’s members, including names, addresses, and email addresses, has recently shown up online. Some of those who just got exposed online are also underage (an extra “benefit” of the family plan BNP offers) and others had further personal details made public, such as jobs or hobbies.
As the Register puts it, “That’s how we know that BNP members include receptionists, district nurses, amateur historians, pagans, line dancers and a male witch.” Members reacted pretty strongly, filling their comments with curses and outrage. As certain professions in the UK are expected to have no political color, some members might even lose their jobs. According to several blog sources, some pretty powerful people in the BNP are to blame for the leak.
BNP spokespersons found out about the leak from the Register, but although they had been completely unaware of it, they promised to treat whoever is responsible quite harshly!