WRITTEN ON October 10th, 2008 BY Sir Bonar Neville-Kingdom GCMG KCVO AND STORED IN Data nitwittery, Foundation of Trust, What do we want?

Sir Bonar writes:

I’ve been asked to say a few words about the disappearance of a computer hard drive containing the personal details of about 100,000 of the Armed Forces. The information was being held by EDS, which is the Ministry of Defence’s main IT contractor.

The MoD said it was told the drive was missing on Wednesday following a priority audit carried out by EDS.

It is thought to contain more than 1.5m pieces of information, including the details of 600,000 potential recruits. The MoD police are investigating the drive’s whereabouts, focussing their initial efforts on a fingertip search in the west of England and parts of Oxfordshire.

The first thing we should make clear is that this episode shows things are working properly. The rapid reporting of the incident shows that the new priority audit process introduced under the Cabinet Office data handling review is now working smoothly. EDS, with whom I had an excellent supper just last week, assure me that new upgraded procedures will be in place shortly and are offering full co-operation with the Military Police.

I should also stress, as I have many times before in similar situations, that this is an isolated incident.

Furthermore, we have well-rehearsed procedures for playing down the importance of such incidents, and launching the requisite internal enquiries to establish the precise chain events leading up to the loss. This has been refined over the course of 658 laptop losses and the reported losses of 26 portable memory sticks so far this year.

Indeed, our expertise in handling post-data-loss event chains here in the UK is recognised as world class. I may not have mentioned that we now regularly host senior groups of officials from abroad who want to learn from how we do these things in the UK. As well as the Belgian group who showed an especial interest in how we handle leakage of data about vulnerable children we recently had a group from Saudi Arabia who were very impressed by our procedures dealing with loss of data about our military personnel.

In any event information such as bank details, passport numbers, addresses, dates of birth, driving licence details and telephone numbers are widely available nowadays. There is no particular reason to think criminals would want for example to ring up MoD staff. As for any crook who turned up on the doorstep of some burly Marine expecting to engage in some criminal activity, I expect they would get short shrift.

I think we should here pay tribute to our service pesonnel who are some of the finest in the world. I have no doubt that their leaked details will once again confirm this.

I can confirm the disk was not encrypted. We have noting to hide from whoever stole it, and therefore nothing to fear.