back to article Leeds Council loses kids details

Leeds Council has apologised for losing a memory stick containing unencrypted details of 5,000 nursery-age children. The council originally believed the stick, which was found by a member of the public, contained no sensitive data. It was not encrypted or protected by a password. It contained names, addresses, dates of birth …

COMMENTS

This topic is closed for new posts.
  1. ShaggyDoggy

    It's easy

    Don't let then use fucking memory sticks EINSTEIN !!!!!!!!!!!!!

  2. NukEvil
    Flame

    Not news...

    "“We take issues of information security very seriously..."

    Now where have I heard that before? And how many times?

    Flame because sooner or later, you know that someone is gonna get burned over the massive volumes of data lost by all levels of government...

  3. Steven
    Stop

    I know...

    We'll say there was nothing important on it, afterall no one will ever find it and hand it in, Doh!

    FAIL

  4. Paul
    Stop

    Its easy....

    .... DON'T BUY UNENCRYPTED MEMORY STICKS. And threaten to sack anyone who brings their own. It works well in the fairly large telco I work in...

  5. ElFatbob

    Why?

    are public sector employees allowed to download this type of information to memory sticks, at all?

  6. Dunstan Vavasour
    Coat

    Ho Hum

    "The council could not explain how, or why, the information was put on the memory stick in the first place."

    No doubt they will put systems and safeguards in place to make sure this can never happen again until next time.

    Now, what's this in my coat pocket?

  7. Vincent
    Thumb Down

    Um...

    "It contained names, addresses, dates of birth, phone numbers, child protection information, ethnicity and whether their parents are claiming benefits."

    "it was understood that no sensitive or confidential data was on this stick"

    Last time I checked, names, addresses, dates of birth, phone numbers, etc, was all confidential data.

    Idiots.

  8. paulc
    Thumb Down

    apology???

    It's not enough... they're in breach of the Data Protection Act... Heads MUST roll... If I was one of the parents involved, then I would be consulting a lawyer right now... Until the DP act sets out clear penalties for breaches that directly affect senior managers of responsible departments (ie they go to jail), then senior managers won't consider the consequences to their jobs/careers/freedom. Somebody ultimately was responsible for the data being on a memory stick... somebody must lose their job at the minimum...

  9. Anonymous Coward
    Unhappy

    Sack them

    If they broke such a serious policy and thus committed a criminal offence, someone should be sacked, or the organisation should be prosecuted, just as the Searchlight operatives who leaked the BNP list have been.

  10. Anonymous Coward
    Alert

    Words fail me

    Can someone just point these muppets at Truecrypt?

  11. Rob Burke
    Flame

    Is another loss of info needed to help convince the rest that ID cards are not a good idea?

    ... every little helps!

  12. Barry Tabrah
    Thumb Up

    Keep 'em coming

    We are continually asked why we are insisting that our council staff pay £50 for a 1GB memory stick when they can pick up a bigger memory stick for a tenner down at Argos.

    It's articles like this that help make our point.

  13. alphaxion

    hmm

    I notice a suspicious lack of info regarding when it was reported lost, allowing us to know just how long it had been missing.

    A couple of hours, mistakes can happen and the window for theiving the data is narrow. A few days and the chances of the data being duplicated before returning to a location goes up quite a bit.

  14. Ryan
    Paris Hilton

    hardware encrypted USB stick anyone

    Note to any government office, use a hardware encrypted USB memory stick?!?!?!

    We use them at our company as standard makes our data policy look like something off of 24. Seeing that if any of our company laptops, desktops and home or usb sticks were lost stolen they would be useless!

    Paris as she is HOT!

  15. Pyromancer
    Go

    Am I the only one?

    Am I the only one who thinks what really happened here is something along the lines of:

    "Oh bother, we've lost that memory stick with those kids details on it. Still, either no-one will ever find it or if someone does they'll most likely delete / refomat it and stick their own stuff on it, so we'll just claim there was nothing important there and forget about it".

    Then whoever found it did hand it in (presumably after looking at the data to see who's it was, unless there was a label on the outside), and the plan derailed all wheels.

    TBH as long as organisations allow staff to use computers which are either connected to the Internet and/or have sockets for things like memory sticks, leaks and losses will continue unchecked. It would be possible to install totally secure networks with no external connections and no USB ports or removable disk drives - but the staff would probably then complain they couldn't do their jobs properly, and given the amount of work lots of people in things like education seem to take home with them, that could well be right.

  16. Jason Rivers
    Flame

    yet again

    and yet again they lose more data, and this time it's KIDS!

    every government agency / civil servant office, should yank the USB ports off the systems, take out all the CD Writers and instantly fire ANYONE that takes data offsite without reason. there's no excuse for losing data with todays levels of encryptions, oh but of course, they're still not using that despite how much public data has been lost over the past couple of years, so, you still all think this ID card is a good idea, I think they'll just have more data to lose by more morons.

    GAH!

    flames because they can all BURN!

  17. Rob Beard
    Black Helicopters

    Laughable security

    <quote>A Leeds City Council spokeswoman, said: “We take issues of information security very seriously and are very sorry that this breach has occurred. We have guidance in place which seeks to prevent such incidents occurring including advice on using memory sticks.</quote>

    Hmm, if they really did care about security they would block the use of memory sticks, or at least use encryption.

    When is some independent body going to fine these councils and government organisations (say £100 per record lost). When that happens maybe they will sit up and take notice.

    Rob

  18. Anonymous Coward
    Coat

    T0$$ers

    When will these T0$$erS learn... YES Nu Labour i`m talking about you & your database state. As a parent with a child that will end up on one of these _great_ database's that are Sooooo secure that some Twat will dump to a flash drive & then loose.

    There is absolutely no excuse in this day and age. FFS google TRUECRYPT or PGP you useless T0$$ers.

    To the parents in Leeds, send your letters off to the Information Commissioners Office. You have my sympathies.

    /Reg readers - sry 4 Rant but how long will they allow this to continue. Our so called masters are EXEMPT from ID cards, Databases, etc but we have to put with their $hite...

    /Coat - Coz hese f00ls need to collect theirs on their way out.

  19. N

    Here we go again

    Beano annuals down the backs of the trousers for Leeds city council.

    Just how long will it be before these and other government departmental dorks grasp the painfully obvious?

  20. Anonymous Coward
    Stop

    Honestly

    Is there really a need to carry around this sort of data on a memory stick? Haven't people heard of remote access should they require it?

    Same goes for all the "sensitive information" that seems to be placed on laptops and allowed to leave Military bases...

  21. Jamie
    Linux

    Wikileaks

    OK putting this information on there is not the best but if I found something like the dossier that was left on the tube. First stop is a internet cafe with 20£-40£ for photocopying and scanning, then upload to Wikileaks, and finally an envelope so it can be mailed back to some gov't office.

    If this process is carried out it would not take long for the gov't to get thier ass in gear and stop this practice of hiring complete idiots.

  22. Thomas Jolliffe
    Thumb Down

    Leeds City Council...

    ...is a joke as it is. Fuck-ups like this aren't surprising to me in the slightest, I have to say.

  23. Justabloke

    re Laughable security

    Fine them? why should the good people of leeds have to cover the cost of their incompetance via increased council tax bills...

    just sack the person who lost the stick... sack the head of IT and then sack a randomly selected member of any other team.

    Instantly. No ifs. no Buts. Just clear your desk and leave.

    See how quickly this kind of stuff stops then.

  24. Tim

    Mmmm

    "The council could not explain how, or why, the information was put on the memory stick in the first place."

    Why not just ask the person who reported it as lost? Maybe they were selling it to the local peadophiles.

  25. Anonymous Coward
    Stop

    Dead letter drop

    That's what it sounds like to me - A copies the stuff and leaves it in a pre-arranged location ready for B (whom he does not know and will never see) to pick up.

    Except that Joe Q Public finds it first - always a risk in such a scenario.

  26. Anonymous Coward
    Thumb Down

    for once a law is needed

    which relates to statutory penalties for loss of data.

    The only reason our legislation happy government wont do it, is because they know they are the first fall foul of it.

    At what point will people realise they work in a position of authority and power when they deal with people's data. That bring responsibility.... unfortunately most people follow the facebook definition of privacy and data security.

    People should be fired for this.

  27. Anonymous Coward
    Stop

    fines for councils...

    If they imposed severe financial fines on the council for the loss of the data then we'd only end up paying for it by increased taxes, council tax bills, reduced services due to budget dents.

    the only way that some of these muppets will learn is if it hits them directly both in the pocket personally and in time spent in prison.

    having said that we'd still be paying for them to stay in prison anyway :(

  28. RW
    Flame

    More lies and empty apologies

    As the old adages have it, "words are cheap", and "actions speak louder than words."

    Clearly Leeds council has people in charge who don't know what they are doing (aka "muppets"), which seems to be a common problem in the UK today. But instead of letting the buck stop on someone's desk (and thereby cause their firing tout le suite), all they do is issue mealy-mouthed apologies which do little other than anger the people affected by this lackadaisical approach to data security.

    The thing I wonder about: are these ridiculous data losses a specialty of the UK, or is it just that in other countries they are more successfully kept under wraps? Somehow, I suspect the former, and somehow I have a funny feeling that it's intimately tied up with NuLabour's insane fixation on creating databases. Somebody (lots of somebodies) simply hasn't awakened to the fact that the more data you hoard, the more will be lost.

    For added piquancy, there's a suspicion that way too many management types in the UK public sector are hired for their political connections or for reasons of political correctness.

    Is Leeds council in the grip of NuLabour, by any chance?

    Flame because, yes, I'm ranting.

  29. Pierre

    "We take issues [...] very seriously"

    I finally got what they mean by that: "We very seriously keep on trying to provoke such issues".

    Should we tell them that leaking personal data is supposed to be a *bad* thing?

  30. Anonymous Coward
    Stop

    Ironkeys

    I work for a local council and we noted early on that USB drives are a security risk.

    We now use Ironkey (hardware encrypted USB pen/key drives) and certain teams (i.e mine) are allowed to use Truecrypt on USB harddrives where necessary.

    The interesting thing is, today I was setting up a public access terminal and we noticed that USB drives could be used (I had to work out a way of disabling access to them and found a way of disabling usbstore under Windows).

    Please don't tint all public service/councils are incompetant retards, some of us work to solve these problems, not to create them.

    Posting anonymous as I don't think my employers would appreacte this.

  31. Suburban Inmate
    Thumb Up

    Meh, business as usual.

    Stupidness is the way of things, it's only ballsups like this that shake a little sense into people. Until the next time.

    I just grabbed a couple of HP boxes (P4 and Celeron D, one with Sony SCSI tape drive) with hundreds of people's CVs, VPN settings, logins, emails, assorted other company data, and XP Pro keys. From the bushes by the car park of my block of flats.

    Should be a tidy couple of hundred, once erased + formatted of course.

  32. Joe
    Stop

    So the employee lied too?

    “The loss was immediately reported by the employee concerned ... it was understood that no sensitive or confidential data was on this stick, so no further action was taken. ...once recovered, it became apparent the memory stick did have sensitive information on it that should not have been there."

    So the council employee lied to cover up their fecklessness and disregard for peoples privacy and the law? Surely that's a fireable offence.

  33. Anonymous Coward
    Alert

    There is no privacy

    The flying spaghetti monster know all.

    His noodley appendage has access all areas!

  34. Dr Patrick J R Harkin

    And now the data mining begins

    With a quick SQL INNER JOIN statement, we can see how many 2 year olds are members of the BNP...

  35. Anonymous Coward
    Paris Hilton

    Seriously?

    A Leeds City Council spokeswoman, said: “We take issues of information security very seriously.....

    This is, of course, totally untrue. If they really took these crimes seriously, they would not occur.

    Immediate sacking and prosecution for any officer who behaves in this irresponsible manner would get the message home.

    Even PH would know to use encryption on sensitive data.

  36. Pascal Monett Silver badge

    advice on using memory sticks

    Company-wide policy at the OS level forbidding USB to work, plain and simple.

    True security is not leaving any leeway for mistakes to happen.

  37. Lee

    What they really need is control

    Mobile Device and Media Control. Sanctuary. Control Guard. McAfee Device Control.

    ANYTHING....!

    You have to remember that, unless enforced with technology, you're still pissing in the wind.

  38. Ascylto

    Muppets!

    These Muppets (Local Authorities) are to be given access to the data stored in the National Identity Database.

    If this weren't so serious, I'd cry / laugh / kill.

  39. Dan Silver badge

    Group policy editor

    Why is it so complicated?

  40. Liam

    ffs - AGAIN?!!?!?!?

    @ "'s not enough... they're in breach of the Data Protection Act... Heads MUST roll... If I was one of the parents involved, then I would be consulting a lawyer right now... Until the DP act sets out clear penalties for breaches that directly affect senior managers of responsible departments (ie they go to jail), then senior managers won't consider the consequences to their jobs/careers/freedom. Somebody ultimately was responsible for the data being on a memory stick... somebody must lose their job at the minimum..."

    hear hear, the overpaid managers at the top MUST take responsibility. they get the over-inflated pay from cushty council jobs yet never seem to have to take the flak when their people mess up.

    until its a prison sentence for leaking data they wont give a damn. i for one would love to see some of the useless local council idiots taken to court over their constant failings of society.

    if i accidentally break the law im still punished in the same way as if i intended to break the law. yet they break laws through incompetence and nothing ever happens. of course this would set a precident where MPs might also have to be

    @ "When is some independent body going to fine these councils and government organisations (say £100 per record lost). When that happens maybe they will sit up and take notice." sod that! that would mean our council tax would go up or services would get worse. as i said before taking records without permission == theft, losing it == publication of secret materials. should be prison time. if they think they can arrest me and give me upto 15 years in jail for posession of pot then how is stealing and leaking sensitive info not a crime that can give prison sentences!?

  41. Martin
    Stop

    Am I the only one....

    ...who is getting sick of the knee-jerk reaction on these comment boards that problems like this are the fault of the party in government? (And in passing, NuLabour just looks stupid.)

    I think that whether Leeds City Council are Tory or Labour has very little to do with the incompetence of their IT staff, and the stupidity of their employees.

    And if any of you think that if or when the Tories win the next election, they'll get rid of the database culture, you're just being naive.

  42. Uncle Slacky Silver badge

    @Vincent

    ITYF that all that info is publicly available - see the phone book, electoral register, birth certificates...

  43. Simon B
    Flame

    NOBODY EVER LEARNS

    NOBODY EVER LEARNS - Full of fking idiots this country is.

  44. Lottie
    Stop

    Egads!!!

    The employee needs firing, their manager needs firing and the ICT dept need a right bollocking for not making sure that encription/ paswording of documents was a policy for memory sticks.

This topic is closed for new posts.