UK driver details lost somewhere in America Personal details of three million British driving test candidates are currently enjoying an extended fly drive holiday in the US, the transport secretary Ruth Kelly admitted this evening. Kelly told the House of Commons that a hard drive containing the information had disappeared from a “secure facility” in Iowa City, Iowa. …
What the hell is UK private data doing in the US, which doesn't have privacy laws (well, none worth mentioning)? Of course, the UK ones are quietly being dismantled too, so it sort of makes sense I guess. Or is this part of that "Safe Harbour" crap that the USA forced Europe to accept under threat of economic retaliation?
This is just the govt's way of softening up the populace. One by one different departments will *lose* different data sets, until such time as everyone can be fairly sure that their data is "in the wild". The govt then has us all by the balls and can force us to relinquish all our personal data on the grounds that it's no longer "private and confidential" information anyway...
"She also said that the data did not include financial data or national insurance numbers, so the department did not feel it needed to contact the individuals concerned, although a helpline has been put in place"
I'm not a sneak thief, but given the information present in the archive, it can't be too hard to e.g.
1. Telephone a person on the list;
2. "Excuse me, I'm calling from the DVLC, I believe back in 2004 you undertook one of our tests at (name of centre). You paid £X with your credit card - we have subsequently audited our figures and we actually owe you seven pounds fifty, could we have your bank details please. If you want, you can call us back on this official-sounding number";
3. Repeat two million, nine hundred and ninety-nine thousand, nine hundred and ninety-nine times.
Obviously the government has put safeguards in place to stop this from happening, and it's wildly and completely implausible (cough), but just imagine!
WIth the way the government seems to treat the protection of our data at the moment I might as well just put my details on a poster and paste it up around the country..
Knowing my luck they will be taken down as vandelism and disposed of more securly then the last lot of data...
Is what has always existed between th US and the UK. We give the yanks information and they take it, so this is nothing different. The fact that we paid these people this time to do something with the info means little,the yanks only care about their own wellbeing everything else is secondary. Throughout the cold war we sent information about the Russians to the yanks but they sent very little in return to us( although in this particular case they did always think we had a mole in the British secret services for years, they just never noticed their own mole). Now GCHQ spies on yank mobile phones and send the info to them, they don't reciprocate although it may be that they don't have to as GCHQ probably does it to us anyway.
Hmm, so 25 million records fits on 2 CDs but 3 million names and addresses, and not much else, requires a hard drive. I kinda lost the plot here. Why does a hard disk need to travel across the big pond? Surely 1 CD with its contents encrypted would have been adequate? Is someone not telling us anything here?
I was ok when HMRC lost the data
I was ok when DVLA lost the data
now the DSA have lost the data and I was more than likley on the database that was lost.
im not too worried about implications of the data lost, its just worrying that 3 government agencies have lost huge ammounts of data in such a short period of time.
I understand this time it was a contractor thats at fault but all this defies the laws of proberbility.
>> Kelly insisted that the data was configured specfically for Pearson, and not readily accessible to third parties.
Translation: Fear not, general public, the data cannot be read by hackers because its in a unreadable Microsoft-proprietary binary format such as an excel spreadsheet or a sql server database, and not ascii plaintext.
You are F**KING joking me! This is farce, and although I'd vote labour over tory any day, more than one head should roll for a whole load a systematic failures. ]
And if I wasn't finished a physics degree and to committed to care about having no more research future in the UK due to another effing gov balls-up, then i'd be tempted to sign up, and try and install a culture of common sense.
1) The Civil Service lost the data, not Parliament; Though one would expect our elected representatives to steer policy for the Civil Service - something like a "Data Protection Act", with appropriate penalties for the individuals responsible? Hmm, I thought we had that...
2) Labour v Tory - They all make up Parliament, which is what I regard as "the government"; IMNSHO blaming the majority political party is pointless, they're all responsible and all as bad as each other.
Perhaps they would sit up and take note if their confidential details were plastered all over the inter tubes.
@Ron Hughes - the point is, it makes the fraudster's life that little bit easier when trying to steal someone's identity.
@Dr Wheetos - how could you think that a politician is trying to mislead parliament - surely that is sacrosanct (no need for http://www.ministry-of-truth.net/). Tony didn't do it, and RK doesn't either. /sarcasm off
Having been stung today for £300 in fraudulent Red Nose & online gambling debits on my credit card, I'm beginning to wonder if employees are actually selling data their employed to protect.
"Kelly insisted that the data was configured specfically for Pearson, and not readily accessible to third parties."
Please, just for the fun of it, can someone get the gormless git to explain that one. Another example of why politicians of all people should be excluded from any involvement in areas where they don't know their arse from their elbow... hmmm, but then I suppose they wouldn't have anything at all to do.
+10 to previous poster, my thoughts exactly, it's about time their "private" data was leaked world wide.
Recently the DH denied that there was a review into processing patient data abroad - although this review was mentioned in an operating manual for Registration Authorities on issuing smartcards.
It does make me wonder - could it be that there *was* no review because it is already routine?
"Kelly today called for backup from the Information Commissioner’s Office, which duly said it did not feel the data breach held as much potential for mis-use as that set free by HMRC."
That's fantastic backup isn't it? The ICO declares that this breach is not as bad as the worst data breach ever, pt 1. Hardly a rousing endorsement.
It's like saying the Gulf War wasn't as bad as the WW1. FFS!!!
That's almost as bad as the CSC Worldbridge thing, where visa applications go to a CSC office and give their fingerprints and photographs to a CSC employee for creating a data file to let them apply for a visa. How naive is that? Handing identity records to a private USA contractor!
Our juridiction does not cover the USA, their laws do not protect our data, it's clear from the FISA thing, they view our data as records to be mined. There is no way we should be farming out data collecting and processing services to the USA in the present climate.
There's a similar thing with Amdocs in the USA, USA telephone billing has been farmed out to the Israel company Amdocs which was suspected of being involved in US operations.
http://www.rense.com/general31/fnews.htm
It's like they make privacy laws, then farm the handling of data out to companies based outside the juridiction of the privacy law. How can that possibly be acceptable?
One point not commented on in the media is that the DVLA provides private parking enforcement firms with the names and addresses of the owners of 'illegally' parked cars. Hence you can get a parking ticket for being in Tesco's car park too long.
To me this is absolutely disgraceful breach of privacy. Surely only the police should be able to trawl through the DVLA database? The potential for abuse is massive.
This Government has a cavalier approach to privacy - their lax security procedures, use of overseas processing etc etc are symptomatic of this wider problem.
Naturally they will plow on with the ID cards fiasco even though anyone who knows anything can see it is a disaster waiting to happen. Preaching to the converted here I know.
Just wait, another couple of government backed "sorry"'s and when we apply for a new job anywhere outside the UK they will say, "No, no. We don't need your CV... hang on, ah yes, here it is... and your address, telephone number, bank account details, driver's licence details, eye colour, dental records, children's DNA portfolios, criminal record, oh - I see you're an organ donor, mmm bit too much beer from Tesco's but... - okay - you're hired."
"Most of the individuals listed on the hard drive can be assumed to be in their late teens or early twenties"
So by extension they can be assumed to be posting every tiny boring detail of their everyday lives on Facebook, Bebo, MySpace and YouTube anyway. I'm sure in far too many cases the data lost in this cock-up is nothing that hadn't already been given away freely by the people it relates to. :(
More to the point, sending private data to a country where the only privacy guarantee you have is that your details are guaranteed not to be private, well that's just stupid.
Re. above. I may have mentioned this before elsewhere but I drive for a living and once over-stayed my welcome in a certain well-known fast-food "restaurant" (I use the word loosely) near one of the UK airports. The owner of the vehicle (as the registered keeper) received a demand for a parking "fine" from a nasty-sounding company calling itself "Civil Parking Enforcement" who had obviously obtained his details from the DVLC, which, to my way of thinking, is totally despicable. What I find equally despicable is that the owner then (without notice to me) passed on my personal details to this private company, about which I was not exactly best pleased. I felt that this may have been a breach of the 1998 Data Protection Act and queried this with the Data Commissioner`s Office. Their reply appears to infer that if anyone thinks that there may be legal action following on, then they are at liberty to divulge information to third parties! .........Just like that! This is presumably why the DVLC are allowed to sell drivers` information to all and sundry. Just what is the criterion for this action? It just appears to be someone`s arbitrary opinion here, without legal advice. Fat lot of good having a Data Protection Act if someone can just say "Yes, I thought there might be some legal action happening here, so I`ve passed on all these juicy private and personal details to just about anybody who asks - or even DOESN`T ask, in some cases!"
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
