back to article Tories want data loss prosecutions

The Conservatives have repeated their call for those involved in data losses to face criminal charges, following the Home Office's loss of data on all prisoners. The party said the government should make it a criminal offence for someone to "knowingly or recklessly" cause the loss of data, reports the Observer. The opposition …

COMMENTS

This topic is closed for new posts.
  1. Britt Johnston
    Pirate

    data loss or data reuse

    The German Chaos Computing Club starts from the standpoint that everyone's data has been lost, stolen or resold by now, and therefore suggests to politicians that it makes more sense to regulate the use of such data.

    The fuss in Britain about data loss, the least reliable and controllable of the sources, seems to be a passing storm in the wrong teapot.

  2. Ferry Boat

    Internal Server Error

    It seems to have been a good year for data leaks. I can't remember so many. The government did have a good warm up year last year though. No wonder they were on top form. Maybe a new sport to be introduced at the 2012 Olympics.

    There should be prosecutions. Simple as that. The laws exist (in the main) but I don't know what the guidelines for punishment are. It would be interesting to see how they are dealt with in the US. The US is generally much harsher than the UK on white-collar crimes.

  3. Colin Millar

    Dear Ms Smith

    I will try to keep the words little so that your little brain can manage them

    If it can be downloaded to an insecure device the data is not being held 'in a secure form'

  4. Bronek Kozicki
    Coat

    I'm with tories on this

    ... but they need to ensure that directors of involved company are prosecuted as well as individual employee(s) directly responsible. It is directors who setup policies and approve budgets - both of which have profound security implications.

  5. Anonymous Coward
    Anonymous Coward

    Um..

    >>

    Home secretary Jacqui Smith has denied that the loss of the data was due to failures by her department. "This was data being held in a secure form, but was downloaded on to a memory stick by an external contractor," she said. "It runs against the rules set down in the contract that we had with the external contractor."

    <<

    It is your department's fault. If you have a hole anywhere in your data protection scheme, you protect it. For crying in a bucket, WHY was an external contractor able to use the USB stick in the first place? Ever hear of restricted access?

    Crumbs, next you'll be saying the dog agreed to protect your breakfast, not eat it!

  6. John Macintyre
    Unhappy

    will it work?

    or will they just find some scapegoat at the bottom and blame them instead? it's a way forward but is it really a solution? Sadly I can't think of a better solution rather than, corporates will continue to make themselves blame free...

  7. Anonymous Coward
    Flame

    Memory stick?

    I thought we'd already established that it was a USB flash drive, not a memory stick?

    As for the notion that it is the department's fault, that's mostly bollocks. Whilst the department could easily have disabled the use of USB drives, the external contractor was under an obligation (in the contract which they signed) to keep that data secure. It is entirely their liability.

  8. Anonymous Coward
    Happy

    ID Card

    Can you imagine that 66m ID's going missing ?

    I would only support the ID cards IF (BIG IF) the home sec and the prime minister will be proscuted if the data should go missing or lost.

    Ask them the same question and now see if they are willing to go with the ID card system ?

  9. Gordon Pryra
    Black Helicopters

    How do you proove reckless?

    More shit by a different party, meaningless rubbish

    "knowingly or recklessly"

    Why would someone "knowingly" cause the loss of data?

    Thats already illegal, its called "theft"

    "Recklessly?" Loosing something isn't reckless. Its only human to "loose" things. Whats "reckless" is having an infrastucture that allows that data to pass offsite.

    Which gets us directly to who should take the blame... And we know that those people are above the law.

    So, again, this is just meaningless words. The people asking for the bill would not be beholden to it if they ever got in charge. And the people responsible for the current fuck ups would put you in jail before they ever faced a judge

  10. Frederick Karno
    Coat

    Education.....

    Home secretary Jacqui Smith has denied that the loss of the data was due to failures by her department. "This was data being held in a secure form, but was downloaded on to a memory stick by an external contractor," she said. "It runs against the rules set down in the contract that we had with the external contractor."

    If the system was secure they wouldn't have been able to do it in the first place unless of course what they have actually done is stolen the information in which case we will see prosecutions.Our government seems fond of passing the blame to other people when infact it is totally there responsibilty the way in which the said data is handled how many more times should this so called minister be believed that she is capable of tightening up the system..........when infact the situation is getting worse.

    mines the one with the usb sticks in the pocket

  11. dervheid
    Joke

    @ dear Ms. Smith

    Sorry, you've only confused the poor woman further.

    I don't believe that she fully understands the terms 'downloaded' or 'secure'.

    Allegedly.

  12. Anonymous Coward
    Unhappy

    Data 'loss' is not the issue

    These things seem to be only coming to light when a known copy of the data is reported lost. However they seem to fail to recognise the issue with having copies of this data moving around on portable media (DVD, CD and USB devices). The issue is data leaking, not the loss of an USB stick. I'll bet these cretins think that because e.g. 10 USB sticks went out, and 10 came back at the end of the day, there can have been no data loss. Ditto with the infamous missing 'in the post' data - if it had been handed in by a member of the public I'm sure they would have breathed a sigh of relief that 'no data had been lost'.

  13. Dave

    Criminal prosecutions seem initially attractive

    Of course the Opposition will make the kinds of pronouncements to appeal to the wild-eyed, drooling Daily Mail readers. There is unfortunately, a real differences between corporate responsibility of directors (of limited liability corporations) to their shareholders for proper governance and some sort of analogue being drawn with Governement Ministers and their senior civil servant executives. The Ministers and senior execs FEEL NOTHING when these breaches arise.

    Now, if Ms Smith (or Blears, or Mr Browne, or...) were poked in the eye with a sharp stick each time they, or any employee in their department, caused a breach, then some performance improvement might follow. There is no point pursuing prosecution for these acts of omission and commission - we have to make it HURT those responsible.

    Better, each time a Minister makes a fatuous & ignorant statement, at the despatch box or in an interview, press conference - whatever - i.e. "in a secure form, but was downloaded " or "but a department official emailed it to me, I didn't take it out of the department" then they should be poked in both eyes with 2 sharp sticks.

    Depending on the efficacy of their remaining vision, I am convinced beyond all doubt that Ministers would soon be poking senior execs in their eyes. Then the message that security breaches hurt would be real for thee people and Departmental enforcement of EXISTING POLICY would be stepped up, pretty swiftish.

  14. Elmer Phud

    I wonder . . .

    . . . if they'd be so vigilant if they were in office? Mind you, when they were in the driving seat even asking them about 'freedom of information' was almost seen as treason. The current mob have only built on the model set up over many years of dodging and obscuring info - which way was the Belgrano pointing? and many others. Information leaks were done the proper way then, no bloody Cd's to lose - papers straight to Moscow instead.

    Despite noises to the contrary they won't have any information leaks from their pet Boris - so far there hasn't been anything of substance from that direction, only if's and but's and maybe's. Any actual policies from Head Toff? - nope, no information leaks there either.

    Smoke and mirrors.

    (apols for grocer's apostrophe - couldn't help it)

  15. Markie Dussard
    Stop

    What dullness

    How bereft of imagination are both the Tory party and some of you numpties.

    Is that the only response to anything we don't like - prosecute someone? Does that engender respect or a culture wherein we can learn from mistakes?

    Sure, let's blame someone - anyone? - and make them pay - that'll ensure that next time a mistake gets made, we find out about it in a timely and open manner.

  16. Paul Buxton
    Coat

    FYI Jacqui Smith

    It is possible to restrict access to USB ports. I guess your system isn't as secure as you think. How much did it cost me, the taxpayer? I'm sure if I'd have purchased this system I would have got a better deal and maybe even some security.

    Your department is responsible for holding this data, the data was lost yet it's not your responsibility? How does that work then?

    Grow some bollocks and admit when you're wrong, it would be rereshing to see this quality in a politician. And while you're about it Jacqui, grow a fucking brain too.

    Mine's the one with the memory stick in the pocket containing details of all of my company's customers which is for sale to the highest bidder because I won't be fucking prosecuted for it.

  17. Sam

    Does this mean

    That a few BT retail scumbags/managers are due a spell in the slammer over the Phorm scandal?

  18. This post has been deleted by its author

  19. Anonymous Coward
    Stop

    One of the problems

    In my time in the military, I noticed a practice which it wouldn't surprise me if it still persisted. When you got a contractor in to work on a project, you could go to the security people and ask them to approve a direct line to the contractor so that they could access data. The security people would gnash their teeth, and start writing security policies, and if you were really lucky, 6 months later you would be ready to connect them. By which time, everything they needed had been burnt onto CD ROM and shipped to them. But, the shipping contract was handled by someone else, so when you said the contents were sensitive and had to be shipped accordingly, they got thrown in the mail bag with everything else. The policies suck. In trying to stop hacking attacks on the government networks, they are allowing all the data out the back door instead.

    Now, compare that to a bank (which is where I currently work). Banks have lots and lots of sensitive data, and they actually employ a lot of ex-military security types. But they also have a good dose of common sense as well. When I need to work with a contractor, I can get a line set up with them almost instantly. I might have to give them one of our machines at their end to use, but it isn't hard to get it authorised. If I want to connect to someone big, like an exchange, I can have the line up in no time at all. Most of the time is spent making sure the connection is resilient to outages, and the security stuff is boiler-plate. Yes, you need excellent security to stop some scrote coming over your firewall and stealing everything, but these days, that security should allow you to do all the things you still need to do, without resorting to disks in envelopes.

  20. Colin Bull

    Data Protection

    If PA Consulting are acting as consultants, why should they have live data ? Why were they not given anonymised data. The data protection act should be used to enforce this. So why is the Data Protection czar not prosecuting the Home Office and PA consultants.

    For all the good these quangos do, Data Commisioner, Ofcom etc they should start an FA consultants to do what they are good at - sweet FA.

  21. Liam Johnson

    @Markie Dussard

    You forgot to add your imaginative suggestion to the end of your post.

  22. Christoph
    Flame

    Well, that's OK then - no problem.

    The person who lost the data was 'breaking the rules'. So obviously the system isn't really insecure, because that person shouldn't have been so naughty.

    All we have to do is make sure that the naughty people are spanked, and then the system which lets them spray confidential data all over the landscape will be perfectly and absolutely secure because they'll know not to do that anymore.

  23. Bronek Kozicki

    @GameCoder

    well said. Same goes for un-encrypted wireless communication of private data etc.

  24. Charles Elwood

    Catch 22

    But data leaks can be prevented by using encryption. Well until you realise it's an offence to have data you refuse to decrypt if the police demand it. I guess that's why encrypted data is often supplied with the appropriate passwords on a post-it note.

  25. NB
    Paris Hilton

    a littl offtopic

    I know this is off-topic but I see this abuse of the English language in almost every thread and Gordon Prya is one of the chief offenders.

    WHEN SOMETHING IS LOST THE TERM IS 'LOSE' NOT, I REPEAT, NOT 'LOOSE'.

    It's really very simple.

    LOSE not only means to be defeated in a game or battle or some similar event, it also means to misplace something to the effect that that thing, object, abstract or otherwise cannot be found.

    LOOSE means something that is not tied or stuck or held down tightly, or something that, in all probability, could be tighter.

    Paris because I bet by now she could be a bit tighter.

This topic is closed for new posts.