Regulation & Legislation
The Conservative Party will make it an offence for a Crown servant or a government contractor to lose personal data.
The reckless handling of personal data offence was part of a package of measures designed to combat cybercrime unveiled by shadow home secretary David Davis last week.
Davis's proposals follow revelations of the loss of hundreds of government laptops that exposed tens of millions to identity crime.
Speaking at an e-crime conference in London, Davis spelled out measures that largely incorporate the recommendations on personal internet safety made last August by the House of Lords select committee on science and technology, and rejected by government.
computerweekly.com/229725.htm
Security
News that Virgin Media is conducting an internal enquiry into why 3000 customers' bank details were burned to a CD which was then lost passed with little of the fuss usually associated with such incidents, writes Stuart King in his risk management blog.
It has been reported on the BreachBlog and a few other sources. "Maybe it is the relatively small quantity of lost data compared with other recent incidents, or the mainstream press is just starting to get bored with this type of news."
Top Stories
The Ministry of Defence loses one laptop every two days, with 659 reported stolen and 89 lost by the department in the past four years.
The 659th stolen laptop belonging to an MoD official and containing sensitive information was taken from the Britannia Adelphi Hotel in Liverpool on Thursday.
An MoD spokesman said the laptop was encrypted and Merseyside Police were investigating the theft.
The ministry also revealed last week that 121 of its USB memory sticks had been either lost or stolen since 2004. Information on three was secret and 19 carried data classified as restricted.
computerweekly.com/231573.htm
Security
Security researcher Dan Kaminsky unveiled more details about a fundamental design flaw in the way the internet works at the Black Hat security conference in Las Vegas last week.
The flaw could lead to e-mails being intercepted and altered without the sender or receiver being aware.
Kaminsky, director of penetration testing at IOActive, told the conference of the extent of a vulnerability in the Domain Name System (DNS). Because of a basic mistake in the way the system operates, all versions of the software that translates domain names into IP addresses can be poisoned using a man-in-the-middle attack that would force computers to visit any server an attacker offered instead of the one they had asked for.
Kaminsky said the IT community must be ready with quick fixes.
"What if there was a discovery and we had no time to patch? We need to start choosing the products we buy based on how serviceable they are."
Security
The Driver and Vehicle Agency (DVA) in Northern Ireland has added to the growing concern over data security by admitting it has lost the details of 6000 people.
The data was held on two unencrypted discs that went missing in transit to the Driver and Vehicle Licensing Agency (DVLA) in Swansea. It was provided in response to a safety recall by a number of manufacturers.
According to the DVA, the number of vehicles is 7685 and the number of vehicle keepers is just over 6000. It said that the key data on the discs consists of keeper name, address, registration mark of the vehicle, chassis number, model and colour. No personal financial data was involved.
Replacement data to assist with the safety recall has been sent and has arrived at the Swansea offices. It was sent by CD, but delivered personally by senior officers travelling to the DVLA for other purposes.
The blunder followed the loss of two discs containing details of 25m people, after HM Revenue and Customs (HMRC) officials failed to follow the proper procedures for data handling. It happened while an internal review was being carried out into data security procedures.
The review, which was prompted by the announcement of the incident at HMRC on 20 November and took a few days to complete, identified the lack of data encryption as a weakness. But, according to the DVA, the discs were issued on 20 and 21 November, "continuing a practice which had operated for many years without any problems".
Concern over the government's ability to protect individuals' personal details has escalated since the two password-protected discs, containing benefit records affecting 25m people, failed to arrive at the National Audit Office for auditing purposes in mid-October.
In the wake of the incident, Gordon Brown ordered a cross-departmental review of data security to be undertaken, and gave the Information Commissioner's Office (ICO) spot-check powers to investigate government departments.
The ICO described the data security problems at HMRC as a watershed and called for organisations to implement new safeguards to help protect individuals' privacy.
At a conference on the "surveillance society" in Manchester, the ICO launched the UK's first privacy impact assessment handbook, aimed at helping organisations address the risks to personal privacy before implementing new initiatives and technologies.