WRITTEN ON January 12th, 2009 BY William Heath AND STORED IN Data nitwittery, Foundation of Trust, What do we want?

Conditions remain highly favourable to those wishing to steal our data from government. See this report from the FT (cheers Glyn!).

Loss of 30m files fails to end risky procedures By Rob Minto
Published: January 12 2009 02:00 | Last updated: January 12 2009 02:00

Staff in some of the biggest government departments, as well as the Driving and Vehicle Licensing Agency, can still freely copy unencrypted information from internal databases, in spite of the loss of nearly 30m personal records over the past two years.

Information obtained under the Freedom of Information Act, and passed to the Financial Times, shows the health and transport departments allow employees to use USB memory sticks – small data storage devices that can fit on a keyring – to copy unencrypted information. Such items have been the cause of several high-profile losses.

Others allow memory sticks if the data are encrypted, such as the Department for Children, Schools and Families, and the Ministry of Justice, but it is not clear whether the encryption is enforced or simply recommended. The Department for Business, Enterprise and Regulatory Reform is one of the few that forces encryption on memory sticks.
…The department for business allows Facebook but blocks Hotmail, Google Mail and Yahoo webmail, while the Department for Transport does the opposite.

The number of staff disciplined for breaches of departmental internet and e-mail usage or “fair usage” policy was also requested, with the Department for Work and Pensions recording 299 disciplinary cases between July 2007 and the end of June 2008.

They also list the tribes in which using USB sticks is still not yet taboo:

Which departments allow access to USB drives (* data encryption is enforced)
Ministry of Justice*;
Department for Transport;
Department for Business, Enterprise and Regulatory Reform*;
Department for Children, Schools and Families (oh for heaven’s sake!);
Driving and Vehicle Licensing Agency;
Department of Health (D’oH!)

Assuming the normal percentages of nitwits and outright crooks working in the departments affected, we can safely say that any professional criminal who wants copies of our personal details from government would have to be pretty untogether not to have them already, probably several times over.

The enquiry seems to have been done by a PR company called Lewis (file under: “PR company does something worthwhile”. Oh! We need to start a new folder!) Their Wibbi would be to do with their clients, eg Citrix (whose man Chris Mayers gets name-checked in the piece and makes some good points) or SecondLife or whatever:

– Wibbi they routinely encrypted personal data using Lewis PR’s clients, presumably (I dunno. Encryption might help, but it’s not a silver bullet and I don’t care who they use as long as it works and isn’t too expensive)
– Wibbi they applied consistent social media and emailing policies across all departments (I dunno. I don’t care if they’re consistent, as long as they’re appropriate in every case)

My own Wibbies would be:

– Wibbi government departments reassessed, rationalised and minimised their holdings of personal data
– Wibbi they routinely applied privacy-enhancing technologies including anonymisation across all personal data sets
– Wibbi they maximised the extent to which they worked with user-held, maintained, integrated and updated data

However: Hurrah for FoI, and cheers for providing these crass and embarrassing answers to these important questions. Hurrah to the FT for not being a Murdoch tabloid and still employing journalists, even if they do take stories spoon-fed from PR companies. This is a good ‘un.

Onwards towards Informational self-determination!

One Response to “PR firm exposee: we’re still in the high golden age of data nitwittery”

 
David Moss wrote on January 14th, 2009 6:21 am :

William’s WIBBIs remind me ineluctably of David Parnas and his 1972 paper On the Criteria To Be Used in Decomposing Systems into Modules.

The question he posed was “how can we reduce the effort of maintaining software systems?” The answer he came up with came to be known as “information hiding”. Let each module in a system have the information it needs to do its job and no more.

Later, the notions of “cohesion” and “coupling” were introduced – each module should be tightly cohesive and modules should be loosely coupled.

Without information hiding, the maintenance effort was so grotesque that the ambitions for computer systems were severely limited. With information hiding, we have at least managed to stagger out of the Stone Age and into the Iron Age.

We have, but whoever sanctioned the release of all telephone call details to every local authority in the country, for example, has clearly never heard of information hiding.

They have no idea how to foster cohesion, an understanding of the job that needs to be done, a sense of responsibility, pride in doing the job well … And they need to relax their central government micro-management grip on front-line departments, let those departments work out for themselves how best to interact when they need to, to get the job done — loose coupling.

Otherwise, their ambitions will be severely limited. All the effort will go into maintenance, not development.

He’s a good man, Parnas.