back to article Government still losing at least a computer a week

A year and a day after losing child benefit records for every family in the UK and promising to reform data handling the British government is still losing a laptop every single week. Figures collated from Parliamentary answers reveal the government has lost 53 laptops since 20 November 2007 when Alistair Darling told the …


This topic is closed for new posts.
  1. Matthew Robinson
    Thumb Up

    One a Week?

    Do you think they could 'lose' one my way?

  2. Chris Miller

    Hardly surprising

    If the number is accurate, it sounds surprisingly (and creditably) low to me.

    It would be interesting to know how many laptops are in the hands of gov departments (and their contractors) - I'm sure it must be thousands. Anyone who is responsible for more than a hundred laptops knows that 'shrinkage' is inevitable - whether though stupidity, negligence or targeted theft. If you need to use portable devices, occasional losses are the cost of doing business, you can (and should) minimise the risk, but you can't eliminate it completely.

    The best solution is to ensure that no data is held locally (<cough>Citrix</cough>) or, failing that, strong encryption (preferably not involving a password stuck underneath the device). The 'unloseable' portable device has never existed and will never exist.

  3. this

    MOD and HO

    So, the MOD and HO didn't respond! The most important departments as far as data loss is concerned, 'asked' by parliament and didn't respond? A fine demonstration of the power of parliament.

  4. Ash

    We don't need a review of policies

    We need hefty fines and prison sentences for INDIVIDUALS RESPONSIBLE for the loss of equipment containing unsecured personal data.


  5. Steve Brownjohn

    that's not enough ...

    ... they'll have to lose far more than that if they really want every family to have access to a computer (and thus for the gov to have access to their IP logs)

  6. Stuart
    Thumb Down


    I'm surprised the numbers are so low. If there is a story it might be under reporting because of the hysterical reaction to lost government computers. Golly I lost a company laptop (carefully hidden) during a normal household robbery. I guess quite a few here have had a mobile stolen. Given the large numbers of civil servants who have to use mobile IT - how many would you expect to lose by muggings etc - ie where the civil servant was not culpable?

    I suppose that figure is the reminder that data will always be lost, however you try and protect it. Standard rules, don't have more than you really need, distribute it , make sure you don't have 'single points of entry' and pretty much anything this government has rejected. A walkabout laptop/mobile/stick should have no more impact than the cost of the device itself.

    This is just the Tories fishing for bad news rather than taking on the real issues on government data grabs.

  7. Z

    Not found?

    "Despite a £20, 000 reward for the child benefit discs and a 47-officer strong police investigation they were never found."

    Did they check ebay? I'm sure that 20k would have snatched up all copies of the disk!

  8. RogueElement
    Paris Hilton

    Math-bot Explanator

    "Records for 25 million people, relating to child benefit payments for 7.25 million families, were sent using the HMRC's own postal system, called grid, but never arrived" - reward of £20,000 ... making the security of each family 'worth" slightly less than 0.3pence (or each individual a staggering 0.08pence).

    Call me old fashioned, but I suspect that there is a better price available in Nigeria.

  9. Nick

    Hardly Surprising.

    It can't really be a surprise that at least one a week goes 'off the radar' given the massive PC estate that the Government runs. Any large enterprise would probably suffer from similar problems.

    You're never going to be able to stop staff leaving them in taxi's, the general public stealing them, assets being moved without permission or laptops not being collected from staff who leave. What it does highlight though is that its ESSENTIAL to ensure ANY data storage is encrypted and that your asset management systems accurately lists all accesses available so that when the loss is discovered, you remove access permissions.

  10. Slartybardfast
    Thumb Down

    So What!

    This is one of those fairly meaningless stats without any reference.

    So that's one a day out of how many owned by the Gov?

    1 a day sounds bad but is it?

    Recent studies have shown that at US airports approx 12000 laptops are lost each week., that's over 600000 a year.

    UK and EU Airports also have a problem with approx 4000 being lost each week, Heathrow accounting for 900 per week on average.

  11. Rachel

    Lost Data Discs

    "Despite a £20, 000 reward for the child benefit discs and a 47-officer strong police investigation they were never found."

    Personally, I doubt they ever existed. Two discs gone missing between one department and another? Sounds like a classic case of the old 'No, of course I didn't forget to send them! What? Do you mean to say they never showed up?'

    All it takes is for it to be reported to an unusually conscientious person with any idea of the actual magnitude of this kind of loss, and what was previously a fib to get you out of a tight spot is now a major news story and police investigation.

    On the positive side, this (as I believe) fake data loss story did seem to prompt other government departments to start 'fessing up to their own losses, which as we've seen are substantial.

  12. DutchOven


    ...or "re-assigned" to a job browsing the net in an employees spare room?

    I'll get me coat - the one with the "missing" hardware in the pocket.

  13. Charles

    For the sake of national security...

    ...perhaps the use of all portable media devices in any way, shape, or form should be forbidden from use in any public facility. Any public person caught doing so should be regarded as a terrorist or enemy spy and treated accordingly. Note that this not only encompasses USB sticks, discs/disks, and laptops, but also paper--after all, spies cannot photograph or copy what is not written down.

  14. Paul



    Realy get a grip. Have you never lost anything? I didnt see any mention of unsecured data in the artical? Perhaps with that kind of knee jurk reaction you would make a good MP...

  15. michael

    to give context

    my company numbering about 300 imployes lost 4 laptops in 1 year

    but as a result I am now involved in rolling out a truecrypt system to all employes

  16. Anonymous Coward
    Anonymous Coward


    Nope, guess again, I've got 'em.

    Anon because, well...

  17. Luther Blissett

    Alice in Blunderland - Radio Luther's spin du jour

    "Don't care, won't care." Nuff said. What a bunch of Red Queens.

    That Shaps chap is one to watch. I wonder what his vus are on the dial 080808 Ossetia adventure. Same as Callme Dave's peradventure?

  18. Anonymous Coward
    Anonymous Coward

    we don't need no steeking titles

    >Despite a £20, 000 reward for the child benefit discs and a 47-officer strong police investigation they were never found

    I seem to remember they went via a certain delivery company, who are probably the ones who lost them. If that is the case, then the disks are in Belgium. I worked on the system that would have tracked the disks, and it has a default of "if not sure, deliver to main depot in Belgium".

    But my main comment is simple - the government needs to implement a simple "if you lose or leak data on individuals, you go to jail" policy. On the other hand, non-personal data related to government, that should be public - they're our government, we should be entitled to know what they're up to.

  19. Anonymous Coward
    Anonymous Coward

    What else?

    How many other things have gone missing without being reported.

    How many departments allow users to use any USB media without encryption? Would such a user report the fact that they'd copied some data to their personal USB stick and lost it, or would they keep quiet and go out and buy another USB stick?

    How many users have manage to get sensitive data onto their home PCs? How easy is it, on the government's networks, to export some data to a flat file and then copy that data to removable media or email it out? How many users manage to lose track of data like that?

    But if things like that do go on I doubt that ministers even want to know about it. So long as they don't know about it they don't have to report it.

  20. Anonymous Coward

    @stuart - just the Tories fishing for bad news

    Spot on. Nothing at all like the Stasi currently running things (into the ground)

  21. Anonymous Coward
    Thumb Down

    Re: We don't need a review of policies

    @Ash: usually, we reserve that kind of action for criminals convicted of a crime.

  22. RW

    @ Ash

    "We don't need a review of policies . We need hefty fines and prison sentences for INDIVIDUALS RESPONSIBLE for the loss of equipment containing unsecured personal data. Simple."

    Ah, but which individual is responsible, pray tell? The lowly flunky who had the misfortune to have a laptop stolen while refreshing himself after an arduous workday? Or his manager, who clearly didn't *manage* him? Or the operating policy wonks who fill notebooks inches thick with detailed, explicit policies, but never trouble themselves to tell the troops about them? Or, God forbid, the minister responsible for the department at fault? (BTW, what ever happened to the concept of ministerial responsibility? Did Wakkyjakky have her way with it? <shudder>)

    Ash's emphatic demand that _somebody_ be held accountable is understandable given the repeated demonstrations of public sector IT muppetry, but I fear his proposal would become an excuse to make the proverbial lowly flunky a scapegoat for more profound failings much higher up in the hierarchy.

    And thus serve as a mechanism for those truly responsible to escape all blame. Since it seems to be a guiding principle of NuLabour that all blame must be avoided, you can see how the proposed policy would play into the hands of Those We Love to Hate.

  23. Charles


    The loss of sensitive and especially classified government data IS a crime, as it is a failure of adhering to government protocols and potentially even a threat to national security.

    Anyway, if you want to protect sensitive data, you must treat it like a scant resource--only to be handled as absolutely needed and under full audit. How's this for a working theory. First, ensure only one active copy of any file exists--disable copying, moving, deleting, and the "Save As" function system-wide (this will handily take care of removable media as well). Backups are permitted only on an encrypted system-wide basis. If a copy *must* be made, then it must be cleared by security--such security people only possess permission to alter permissions, not files themselves outside their own internal scope. All files should possess full version tracking so each and every edit can be tracked. Laptops in such a system should be registered, possess GPS trackers and should really be no more than thintops--encrypted remote login devices with no local storage to speak of. If data *must* be taken to a location where the Internet is not reliable, then the laptop should only contain as much data as needed and require two-factor authentication just to turn it on--and it must be brought by two people (as remotely separate as feasible), each possessing only one of the factors. Basically, treat it like a priceless treasure because it just may well be.

  24. Charles


    Easy. They're *ALL* to blame. The flunky who forgot to lock down his laptop before having a pint, the manager for assigning an untrustworthy person to the task, the OP wonks for populating the laptop with more than was necessary, for not forcing encryption, and probably for not using a "thintop" access policy, and the minister for not setting up a DTA data protection policy nor enforcing what's already there. *Someone* must be held accountable, but that doesn't necessarily mean the blame must be limited to *one and only one* someone.

This topic is closed for new posts.