11 December 2007 14:22 GMT
More lost data.
During the lunchtime news bulletins I heard another report of data loss by a UK government agency. Sure enough, digging around for more details there are reports starting to appear confirming the story [1,2]. It would appear two discs being sent from the Driving and Vehicle Licensing Authority (DVLA) in Northern Ireland have gone AWOL whilst being transported to another agency. And, of course, the data on the discs is not encrypted - just like with the larger data loss debacle recently reported [3].
Ok, so the data does not contain financial information. But it does include detailed information about several thousand vehicles and their owners, which I am sure could easily be misused by those so inclined. High profile cases of data loss are concerning for all affected. Perhaps the one positive side effect will be an increased awareness of the importance of data security within government and business. Just as well, reports I read and hear suggest there is lot of ground to cover.
One of the main challenges is to define processes that are resilient to inevitable human errors. I cannot recall the exact details (I was driving at the time) but in an interview discussing the latest lost discs, reference was made to another public authority where a document was recently sent out allegedly containing sensitive data. The cause? Someone had accidentally embedded a spreadsheet within the file.
Fraser Howard, SophosLabs UK
