U.K. Government Plagued by Data Loss Scandals

LONDON Nov. 13, 2008 -- Who can the British trust these days with their personal details? Many have been left questioning this as the U.K. Government continues to be rocked on a regular basis by a series of high-profile data loss scandals.

In the wake of the latest embarrassing data blunder, which saw a sensitive government memory stick found in a bar parking lot, Prime Minister Gordon Brown was forced to admit last week that the government can't make any promises when it comes to keeping the British public's personal details safe.

It's a promise that Brown knows his government hasn't been very good at keeping. An audit conducted by the civil rights watchdog Liberty claimed to show that the government had lost 30 million items of data in the past year.

The loss of a memory stick last week was minor in comparison to previous data disasters. Last month the Ministry of Defense lost a disk containing personal details of some 100,000 British military personnel.

In August, a Home Office contractor lost a memory stick containing information of about 84,000 prisoners in England and Wales, along with at least 33,000 police computer records. At the start of the year, details of 600,000 potential Navy recruits got misplaced in Birmingham.

In November last year, HM Revenue and Customs lost child benefit records with details of 25 million people. This was thought to be the world's biggest ID protection failure. These are just some examples.

Information stored digitally is only going to increase according to security expert Andrew Moloney. He told ABC News, "We reckon by 2011 there will be 10 times more digital information than there was in 2006."

Moloney works as the financial services and marketing director for RSA security. "If you think about the portability and the ease with which you can carry about gigabytes of information with you now you have the makings of a perfect storm."

Figures from three government departments reveal that in the past year a public official was questioned or dismissed over data loss nearly every single working day.

Stewart James, partner at law firm DLA Piper, works for the technology, media and commercial group, told ABC news that companies need to effect a cultural shift to protect data. "Society's understanding of the new paradigm of risks and issues introduced by computer technology has not always kept up with the pace of development. All of the data loss scandals have been caused by human error and not by the technology itself."

Moloney agrees that security strategy needs to change focus. "In the past we worried about the perimeter of our organization and securing that against criminals trying to hack in. In reality, the bigger threat for most organizations is good guys doing dumb things."

James points out that the key is protecting the information as it is transported around on mobile media. "Keeping data on these devices in plain text is like driving without a seat-belt. If your laptop is stolen, the information is available to anyone with the most basic of computer knowledge. These devices ought to be encrypted routinely."

Security experts regularly highlight that these databases holding personal details are very appealing to fraudsters. They are clearly laid out and many of the details in them cannot just be changed, such as dates of birth.

According to security experts, there are countless places online where con artists meet to buy and sell data and there is a strong market for this type of information. Although there is not much evidence regarding the hands into which some of this lost data could have fallen, security experts say one of the reasons for this is that fraudsters passing on details usually just mention the data's quality, not where it came from.

In light of all this the Government still plans to continue working on a number of schemes that would require the British public to hand over more sensitive personal information to the state.

One of these proposals is the national identity scheme, aimed at tackling immigration and identity theft. The government hopes that soon every resident in the U.K. will own an ID card. It's expected ID cards will be issued to British citizens next year.

Helen Starr works as a graphic designer in London. She, like many other Brits, is becoming wary of trusting the government with her information.

"When the government can't keep our bank account details, the National Health Service registers or even the Forces information data base safe, it terrifies me that they are introducing even more single core hubs of personal information such as passports with chips and personal ID cards. They need to control the current problems before starting new schemes."

Other projects include a database called Contact-point which will store personal details of every child under the age of 18. Another plan is a database containing details of every sent email, phone call and website visited by every person in the UK for use in terrorist cases.

Plans for new schemes highlight the importance of data protection and the need for the government to regain confidence in the British public. Especially if it wants them to co-operate with what critics and opposition parties have dubbed "the database state."