It's easy
Don't let then use fucking memory sticks EINSTEIN !!!!!!!!!!!!!
Leeds Council has apologised for losing a memory stick containing unencrypted details of 5,000 nursery-age children. The council originally believed the stick, which was found by a member of the public, contained no sensitive data. It was not encrypted or protected by a password. It contained names, addresses, dates of birth …
"It contained names, addresses, dates of birth, phone numbers, child protection information, ethnicity and whether their parents are claiming benefits."
"it was understood that no sensitive or confidential data was on this stick"
Last time I checked, names, addresses, dates of birth, phone numbers, etc, was all confidential data.
Idiots.
It's not enough... they're in breach of the Data Protection Act... Heads MUST roll... If I was one of the parents involved, then I would be consulting a lawyer right now... Until the DP act sets out clear penalties for breaches that directly affect senior managers of responsible departments (ie they go to jail), then senior managers won't consider the consequences to their jobs/careers/freedom. Somebody ultimately was responsible for the data being on a memory stick... somebody must lose their job at the minimum...
I notice a suspicious lack of info regarding when it was reported lost, allowing us to know just how long it had been missing.
A couple of hours, mistakes can happen and the window for theiving the data is narrow. A few days and the chances of the data being duplicated before returning to a location goes up quite a bit.
Note to any government office, use a hardware encrypted USB memory stick?!?!?!
We use them at our company as standard makes our data policy look like something off of 24. Seeing that if any of our company laptops, desktops and home or usb sticks were lost stolen they would be useless!
Paris as she is HOT!
Am I the only one who thinks what really happened here is something along the lines of:
"Oh bother, we've lost that memory stick with those kids details on it. Still, either no-one will ever find it or if someone does they'll most likely delete / refomat it and stick their own stuff on it, so we'll just claim there was nothing important there and forget about it".
Then whoever found it did hand it in (presumably after looking at the data to see who's it was, unless there was a label on the outside), and the plan derailed all wheels.
TBH as long as organisations allow staff to use computers which are either connected to the Internet and/or have sockets for things like memory sticks, leaks and losses will continue unchecked. It would be possible to install totally secure networks with no external connections and no USB ports or removable disk drives - but the staff would probably then complain they couldn't do their jobs properly, and given the amount of work lots of people in things like education seem to take home with them, that could well be right.
and yet again they lose more data, and this time it's KIDS!
every government agency / civil servant office, should yank the USB ports off the systems, take out all the CD Writers and instantly fire ANYONE that takes data offsite without reason. there's no excuse for losing data with todays levels of encryptions, oh but of course, they're still not using that despite how much public data has been lost over the past couple of years, so, you still all think this ID card is a good idea, I think they'll just have more data to lose by more morons.
GAH!
flames because they can all BURN!
<quote>A Leeds City Council spokeswoman, said: “We take issues of information security very seriously and are very sorry that this breach has occurred. We have guidance in place which seeks to prevent such incidents occurring including advice on using memory sticks.</quote>
Hmm, if they really did care about security they would block the use of memory sticks, or at least use encryption.
When is some independent body going to fine these councils and government organisations (say £100 per record lost). When that happens maybe they will sit up and take notice.
Rob
When will these T0$$erS learn... YES Nu Labour i`m talking about you & your database state. As a parent with a child that will end up on one of these _great_ database's that are Sooooo secure that some Twat will dump to a flash drive & then loose.
There is absolutely no excuse in this day and age. FFS google TRUECRYPT or PGP you useless T0$$ers.
To the parents in Leeds, send your letters off to the Information Commissioners Office. You have my sympathies.
/Reg readers - sry 4 Rant but how long will they allow this to continue. Our so called masters are EXEMPT from ID cards, Databases, etc but we have to put with their $hite...
/Coat - Coz hese f00ls need to collect theirs on their way out.
OK putting this information on there is not the best but if I found something like the dossier that was left on the tube. First stop is a internet cafe with 20£-40£ for photocopying and scanning, then upload to Wikileaks, and finally an envelope so it can be mailed back to some gov't office.
If this process is carried out it would not take long for the gov't to get thier ass in gear and stop this practice of hiring complete idiots.
Fine them? why should the good people of leeds have to cover the cost of their incompetance via increased council tax bills...
just sack the person who lost the stick... sack the head of IT and then sack a randomly selected member of any other team.
Instantly. No ifs. no Buts. Just clear your desk and leave.
See how quickly this kind of stuff stops then.
which relates to statutory penalties for loss of data.
The only reason our legislation happy government wont do it, is because they know they are the first fall foul of it.
At what point will people realise they work in a position of authority and power when they deal with people's data. That bring responsibility.... unfortunately most people follow the facebook definition of privacy and data security.
People should be fired for this.
If they imposed severe financial fines on the council for the loss of the data then we'd only end up paying for it by increased taxes, council tax bills, reduced services due to budget dents.
the only way that some of these muppets will learn is if it hits them directly both in the pocket personally and in time spent in prison.
having said that we'd still be paying for them to stay in prison anyway :(
As the old adages have it, "words are cheap", and "actions speak louder than words."
Clearly Leeds council has people in charge who don't know what they are doing (aka "muppets"), which seems to be a common problem in the UK today. But instead of letting the buck stop on someone's desk (and thereby cause their firing tout le suite), all they do is issue mealy-mouthed apologies which do little other than anger the people affected by this lackadaisical approach to data security.
The thing I wonder about: are these ridiculous data losses a specialty of the UK, or is it just that in other countries they are more successfully kept under wraps? Somehow, I suspect the former, and somehow I have a funny feeling that it's intimately tied up with NuLabour's insane fixation on creating databases. Somebody (lots of somebodies) simply hasn't awakened to the fact that the more data you hoard, the more will be lost.
For added piquancy, there's a suspicion that way too many management types in the UK public sector are hired for their political connections or for reasons of political correctness.
Is Leeds council in the grip of NuLabour, by any chance?
Flame because, yes, I'm ranting.
I work for a local council and we noted early on that USB drives are a security risk.
We now use Ironkey (hardware encrypted USB pen/key drives) and certain teams (i.e mine) are allowed to use Truecrypt on USB harddrives where necessary.
The interesting thing is, today I was setting up a public access terminal and we noticed that USB drives could be used (I had to work out a way of disabling access to them and found a way of disabling usbstore under Windows).
Please don't tint all public service/councils are incompetant retards, some of us work to solve these problems, not to create them.
Posting anonymous as I don't think my employers would appreacte this.
Stupidness is the way of things, it's only ballsups like this that shake a little sense into people. Until the next time.
I just grabbed a couple of HP boxes (P4 and Celeron D, one with Sony SCSI tape drive) with hundreds of people's CVs, VPN settings, logins, emails, assorted other company data, and XP Pro keys. From the bushes by the car park of my block of flats.
Should be a tidy couple of hundred, once erased + formatted of course.
“The loss was immediately reported by the employee concerned ... it was understood that no sensitive or confidential data was on this stick, so no further action was taken. ...once recovered, it became apparent the memory stick did have sensitive information on it that should not have been there."
So the council employee lied to cover up their fecklessness and disregard for peoples privacy and the law? Surely that's a fireable offence.
A Leeds City Council spokeswoman, said: “We take issues of information security very seriously.....
This is, of course, totally untrue. If they really took these crimes seriously, they would not occur.
Immediate sacking and prosecution for any officer who behaves in this irresponsible manner would get the message home.
Even PH would know to use encryption on sensitive data.
@ "'s not enough... they're in breach of the Data Protection Act... Heads MUST roll... If I was one of the parents involved, then I would be consulting a lawyer right now... Until the DP act sets out clear penalties for breaches that directly affect senior managers of responsible departments (ie they go to jail), then senior managers won't consider the consequences to their jobs/careers/freedom. Somebody ultimately was responsible for the data being on a memory stick... somebody must lose their job at the minimum..."
hear hear, the overpaid managers at the top MUST take responsibility. they get the over-inflated pay from cushty council jobs yet never seem to have to take the flak when their people mess up.
until its a prison sentence for leaking data they wont give a damn. i for one would love to see some of the useless local council idiots taken to court over their constant failings of society.
if i accidentally break the law im still punished in the same way as if i intended to break the law. yet they break laws through incompetence and nothing ever happens. of course this would set a precident where MPs might also have to be
@ "When is some independent body going to fine these councils and government organisations (say £100 per record lost). When that happens maybe they will sit up and take notice." sod that! that would mean our council tax would go up or services would get worse. as i said before taking records without permission == theft, losing it == publication of secret materials. should be prison time. if they think they can arrest me and give me upto 15 years in jail for posession of pot then how is stealing and leaking sensitive info not a crime that can give prison sentences!?
...who is getting sick of the knee-jerk reaction on these comment boards that problems like this are the fault of the party in government? (And in passing, NuLabour just looks stupid.)
I think that whether Leeds City Council are Tory or Labour has very little to do with the incompetence of their IT staff, and the stupidity of their employees.
And if any of you think that if or when the Tories win the next election, they'll get rid of the database culture, you're just being naive.