back to article UK driver details lost somewhere in America

Personal details of three million British driving test candidates are currently enjoying an extended fly drive holiday in the US, the transport secretary Ruth Kelly admitted this evening. Kelly told the House of Commons that a hard drive containing the information had disappeared from a “secure facility” in Iowa City, Iowa. …


This topic is closed for new posts.
  1. yeah, right.


    What the hell is UK private data doing in the US, which doesn't have privacy laws (well, none worth mentioning)? Of course, the UK ones are quietly being dismantled too, so it sort of makes sense I guess. Or is this part of that "Safe Harbour" crap that the USA forced Europe to accept under threat of economic retaliation?

  2. RKP
    Gates Horns

    Softly softly catchee monkey

    This is just the govt's way of softening up the populace. One by one different departments will *lose* different data sets, until such time as everyone can be fairly sure that their data is "in the wild". The govt then has us all by the balls and can force us to relinquish all our personal data on the grounds that it's no longer "private and confidential" information anyway...

  3. Anonymous Coward
    Anonymous Coward


    Gosh! Shock, Horror!

    Someone sent a set of Telephone Directories to America and now the names, addresses & telephone numbers of millions of UK citizens may be acquired by an evil-doer.

    Oh dear.

  4. Anonymous Coward
    Paris Hilton


    "She also said that the data did not include financial data or national insurance numbers, so the department did not feel it needed to contact the individuals concerned, although a helpline has been put in place"

    I'm not a sneak thief, but given the information present in the archive, it can't be too hard to e.g.

    1. Telephone a person on the list;

    2. "Excuse me, I'm calling from the DVLC, I believe back in 2004 you undertook one of our tests at (name of centre). You paid £X with your credit card - we have subsequently audited our figures and we actually owe you seven pounds fifty, could we have your bank details please. If you want, you can call us back on this official-sounding number";

    3. Repeat two million, nine hundred and ninety-nine thousand, nine hundred and ninety-nine times.

    Obviously the government has put safeguards in place to stop this from happening, and it's wildly and completely implausible (cough), but just imagine!

  5. Mike F

    The current state of things..

    WIth the way the government seems to treat the protection of our data at the moment I might as well just put my details on a poster and paste it up around the country..

    Knowing my luck they will be taken down as vandelism and disposed of more securly then the last lot of data...

  6. tfewster
    Thumb Up

    "and not sent to any third countries"

    That's OK then, so long as only one other country has copies of my info - Maybe as backup in case has a disaster?

    We need a Sir Humphrey to explain that the data _needed_ to be sent out of the country and that the Mu^HPpet^H^H^Hs didn't need to know

  7. Anonymous Coward
    Anonymous Coward

    Why was the data outside the UK?

    My first thought has already been expressed, why was this data in the US. Secondly, even though HMG isn't going to contact the people affected doesn't the US have a law that compels such action for even the slightest possibilty of a data leak?

  8. Chris G

    A one way conduit

    Is what has always existed between th US and the UK. We give the yanks information and they take it, so this is nothing different. The fact that we paid these people this time to do something with the info means little,the yanks only care about their own wellbeing everything else is secondary. Throughout the cold war we sent information about the Russians to the yanks but they sent very little in return to us( although in this particular case they did always think we had a mole in the British secret services for years, they just never noticed their own mole). Now GCHQ spies on yank mobile phones and send the info to them, they don't reciprocate although it may be that they don't have to as GCHQ probably does it to us anyway.

  9. Anonymous Coward

    Data does have value

    It would be wrong to think that the data has no value as it's no more informative than the phone book.

    Any car insurance company would pay a lot for 3 million validated addresses and phone numbers of potential new customers.

  10. Anonymous Coward
    Anonymous Coward

    @Chris W

    I don't think the US federal government has such a law, but several states do. Most of those state laws say that if the data release includes people from that state, then the organization is required to tell them. I doubt very many of the people affected are residents of Iowa.

  11. kain preacher


    This mostly likely was a private contractor that lost it. we already have your Info. Who do you think has those lost CD's . I wont tell you the name of the other country that got the second set of CD's :)

  12. Nigel Sedgwick

    Date of Birth?

    Did the lost/compromised date include date of birth? It would be nice to know, and also to know that such private data is rated as sufficiently valuable for any risk, or lack of risk, of such compromise to be immediately disclosed by the UK Government.

    Best regards

  13. Dr Wheetos

    I'm suspicious...

    Hmm, so 25 million records fits on 2 CDs but 3 million names and addresses, and not much else, requires a hard drive. I kinda lost the plot here. Why does a hard disk need to travel across the big pond? Surely 1 CD with its contents encrypted would have been adequate? Is someone not telling us anything here?

  14. Dale Morgan

    I finally got nailed

    I was ok when HMRC lost the data

    I was ok when DVLA lost the data

    now the DSA have lost the data and I was more than likley on the database that was lost.

    im not too worried about implications of the data lost, its just worrying that 3 government agencies have lost huge ammounts of data in such a short period of time.

    I understand this time it was a contractor thats at fault but all this defies the laws of proberbility.

  15. Anonymous Coward

    what he meant was:

    >> Kelly insisted that the data was configured specfically for Pearson, and not readily accessible to third parties.

    Translation: Fear not, general public, the data cannot be read by hackers because its in a unreadable Microsoft-proprietary binary format such as an excel spreadsheet or a sql server database, and not ascii plaintext.

  16. Alex
    Thumb Down

    Oh my dear god

    You are F**KING joking me! This is farce, and although I'd vote labour over tory any day, more than one head should roll for a whole load a systematic failures. ]

    And if I wasn't finished a physics degree and to committed to care about having no more research future in the UK due to another effing gov balls-up, then i'd be tempted to sign up, and try and install a culture of common sense.

  17. Anonymous Coward

    Stolen from

    the middle of frozen hell Iowa city in the winter time well you know it was probably just bored people the drive will show up on ebay eventually.

  18. tfewster

    @Alex & others

    1) The Civil Service lost the data, not Parliament; Though one would expect our elected representatives to steer policy for the Civil Service - something like a "Data Protection Act", with appropriate penalties for the individuals responsible? Hmm, I thought we had that...

    2) Labour v Tory - They all make up Parliament, which is what I regard as "the government"; IMNSHO blaming the majority political party is pointless, they're all responsible and all as bad as each other.

  19. Anonymous Coward

    Maybe someone should post MPs private data

    Perhaps they would sit up and take note if their confidential details were plastered all over the inter tubes.

    @Ron Hughes - the point is, it makes the fraudster's life that little bit easier when trying to steal someone's identity.

    @Dr Wheetos - how could you think that a politician is trying to mislead parliament - surely that is sacrosanct (no need for Tony didn't do it, and RK doesn't either. /sarcasm off

    Having been stung today for £300 in fraudulent Red Nose & online gambling debits on my credit card, I'm beginning to wonder if employees are actually selling data their employed to protect.

  20. Mark
    Thumb Down


    ... a use of the phrase “secure facility” that hasn't previously been explored.

  21. dek

    Grrrr, they make me SO angry :-)

    "Kelly insisted that the data was configured specfically for Pearson, and not readily accessible to third parties."

    Please, just for the fun of it, can someone get the gormless git to explain that one. Another example of why politicians of all people should be excluded from any involvement in areas where they don't know their arse from their elbow... hmmm, but then I suppose they wouldn't have anything at all to do.

    +10 to previous poster, my thoughts exactly, it's about time their "private" data was leaked world wide.

  22. Anonymous Coward
    Anonymous Coward

    What about medical data? No review because already routine?

    Recently the DH denied that there was a review into processing patient data abroad - although this review was mentioned in an operating manual for Registration Authorities on issuing smartcards.

    It does make me wonder - could it be that there *was* no review because it is already routine?

  23. Chris
    Thumb Down

    How's that for backup!

    "Kelly today called for backup from the Information Commissioner’s Office, which duly said it did not feel the data breach held as much potential for mis-use as that set free by HMRC."

    That's fantastic backup isn't it? The ICO declares that this breach is not as bad as the worst data breach ever, pt 1. Hardly a rousing endorsement.

    It's like saying the Gulf War wasn't as bad as the WW1. FFS!!!

  24. Anonymous Coward

    CSC and visas, AMDOCS and Telephone records

    That's almost as bad as the CSC Worldbridge thing, where visa applications go to a CSC office and give their fingerprints and photographs to a CSC employee for creating a data file to let them apply for a visa. How naive is that? Handing identity records to a private USA contractor!

    Our juridiction does not cover the USA, their laws do not protect our data, it's clear from the FISA thing, they view our data as records to be mined. There is no way we should be farming out data collecting and processing services to the USA in the present climate.

    There's a similar thing with Amdocs in the USA, USA telephone billing has been farmed out to the Israel company Amdocs which was suspected of being involved in US operations.

    It's like they make privacy laws, then farm the handling of data out to companies based outside the juridiction of the privacy law. How can that possibly be acceptable?

  25. Slaine

    I give up

    I have long craved a time when I could observe a sense of consistency in our governing bodies... THIS IS NOT WHAT I MEANT.

  26. Anonymous Coward

    DVLA data sold - by DVLA

    One point not commented on in the media is that the DVLA provides private parking enforcement firms with the names and addresses of the owners of 'illegally' parked cars. Hence you can get a parking ticket for being in Tesco's car park too long.

    To me this is absolutely disgraceful breach of privacy. Surely only the police should be able to trawl through the DVLA database? The potential for abuse is massive.

    This Government has a cavalier approach to privacy - their lax security procedures, use of overseas processing etc etc are symptomatic of this wider problem.

    Naturally they will plow on with the ID cards fiasco even though anyone who knows anything can see it is a disaster waiting to happen. Preaching to the converted here I know.

  27. Slaine

    Global JobSearch

    Just wait, another couple of government backed "sorry"'s and when we apply for a new job anywhere outside the UK they will say, "No, no. We don't need your CV... hang on, ah yes, here it is... and your address, telephone number, bank account details, driver's licence details, eye colour, dental records, children's DNA portfolios, criminal record, oh - I see you're an organ donor, mmm bit too much beer from Tesco's but... - okay - you're hired."

  28. Anonymous Coward
    Anonymous Coward


    "Most of the individuals listed on the hard drive can be assumed to be in their late teens or early twenties"

    So by extension they can be assumed to be posting every tiny boring detail of their everyday lives on Facebook, Bebo, MySpace and YouTube anyway. I'm sure in far too many cases the data lost in this cock-up is nothing that hadn't already been given away freely by the people it relates to. :(

    More to the point, sending private data to a country where the only privacy guarantee you have is that your details are guaranteed not to be private, well that's just stupid.

  29. Anonymous Coward
    Anonymous Coward

    DVLA data sold - by DVLA

    Re. above. I may have mentioned this before elsewhere but I drive for a living and once over-stayed my welcome in a certain well-known fast-food "restaurant" (I use the word loosely) near one of the UK airports. The owner of the vehicle (as the registered keeper) received a demand for a parking "fine" from a nasty-sounding company calling itself "Civil Parking Enforcement" who had obviously obtained his details from the DVLC, which, to my way of thinking, is totally despicable. What I find equally despicable is that the owner then (without notice to me) passed on my personal details to this private company, about which I was not exactly best pleased. I felt that this may have been a breach of the 1998 Data Protection Act and queried this with the Data Commissioner`s Office. Their reply appears to infer that if anyone thinks that there may be legal action following on, then they are at liberty to divulge information to third parties! .........Just like that! This is presumably why the DVLC are allowed to sell drivers` information to all and sundry. Just what is the criterion for this action? It just appears to be someone`s arbitrary opinion here, without legal advice. Fat lot of good having a Data Protection Act if someone can just say "Yes, I thought there might be some legal action happening here, so I`ve passed on all these juicy private and personal details to just about anybody who asks - or even DOESN`T ask, in some cases!"

This topic is closed for new posts.