Security of Data
The loss and compromise of sensitive data by the Revenue has left most of us
dumbfounded, as every security precaution that could have been provided to
protect this data was totally ignored.
Security professionals across the country gasped in amazement as the story
unfolded. If a private company had lost this amount of data, the Data Protection
Act would be invoked and a criminal investigation and prosecution would follow.
Will this happen in this case? I doubt it. Will the truth come out? Again, I
doubt it, particularly as Civil Servants have been told to keep quiet or risk
prosecution under the Official Secrets Act.
Government departments, with their immunity from prosecution, are often
cavalier with the rules that apply to the rest of us.
This scandal should bring down the Government or, as an absolute minimum,
result in the sacking of the Chancellor.
However, for the law-abiding and professional users of data, here are the basic
precautions that should be taken when transmitting sensitive data:
- Never send data over the internet unless securely encrypted;
- Never send more data than is actually required;
- If data is to be burned onto CD or DVD, it must be properly authorised and
the disks numbered, monitored and tracked.
- Never send disks of this type by post;
- If they need to be sent to another location, a hand to hand transfer is
most secure followed by a data tracking delivery and lastly by a registered
- Once the disks have been used they should be returned to the originator by
a secure method for destruction.
- If there is an apparent loss of disks then an immediate and high priority
search should be made and interested parties informed.
These are the basics which seem to have been ignored by the custodians of our
If the Government is to hold even more data (ID cards for example) then their
systems have to be bomb proof.
Industry is adopting ISO27001 - information security management - to protect
data and so it should. It is a sad reflection on HMG that these standards are
not adopted by them.
About the Author
Chris Eden FIBA MISSA AIQA is a director of Quality Matters Limited, an
established independent management consultancy specializing in
Information Security Management Training courses.
Article Published/Sorted/Amended on Scopulus 2007-12-03 20:52:37 in Computer Articles