back to article UK.gov loses 29 million personal records

UK government departments have managed to leak a total of 29 million personal records over a single year. In addition to the 25 million records spilled in the infamous lost child benefit CDs debacle, another four million records went astray in other stuff-ups, some of which have previously gone unreported. Since the HMRC data …

COMMENTS

This topic is closed for new posts.
  1. Steven
    Happy

    Got to love it when...

    the story titled 'UK.gov loses 29 million personal records' is right next to 'UK.gov to spend hundreds of millions on snooping silo' :)

  2. Anonymous Coward
    Paris Hilton

    Be fair chaps

    Probably some of those 29 million are the same record being lost again...and again and again....

    It may only be about 25 million or say two out of every five people that have had their whole life completely ruined by HMG...er that'll be more ruined than the remainder. Since this HMG has ruined pretty much the whole country and every one in it.

    Mine's the one with the escape plan from this 'quasi fascist control freak state' in the pocket.

    Paris - cos she has better t1ts than the one's running the UK.

  3. Ad Fundum
    Stop

    That's half the people...

    ...in the country who have now had their details thrown to the wind by the incompetent bunch of chuffwits. I wonder if we'll see quite the same level of delinquency when it comes to counting votes in the next general election?

    Still, it could be worse. That awful Clarkson fellow could be in charge for a start.

  4. Richard

    Data loss, data schloss

    One suspects that this isn't quite what they meant by "Open Government"

  5. dervheid

    the government "can't be trusted to protect people's personal details".

    No.

    This should simply have been;

    the government can't be trusted.

    Period

  6. Anonymous Coward
    Anonymous Coward

    Silos

    That's why they want a giant data silo, so they don't lose the place.

    A bit like a monolith to fascism.

  7. Dai
    Stop

    But...

    How many of these have been lost by "UK Government" and how many have been lost by private companies contracted to provide services that have traditionally been done very well "in house" by actual civil servants?

  8. Anonymous Coward
    Alert

    What about figures about Data Misuse?

    Initially, I wanted to write a little bit about how "The Party" and it's members will bullshit their way around this matter; but I decided that everyone else will cover that matter...

    I'm more concerned about the type of metrics that aren't released.

    Data Misuse.

    Who has access?

    Who's access is restricted?

    Who has artificially elevated access?

    How much access do the Police get?

    How often do the Police abuse that access privilege?

    How are local councils (mis)using accumulated data?

    How many instances of CCTV misuse were there?

    How many people with access to ANPR used it to track people?

    How has this vast accumulation of Data stopped crime?

    Just how much safer has this made us?

    etc...

    Losing Data is one thing - you can claim it is a one off event. You can claim that if it is misused, then that will be performed by a "criminal element", not insiders. Anyone with a rudimentary knowledge of security knows that most problems come from the inside.

  9. Bigus Dicus
    IT Angle

    The lack of encryption

    in government IT continues to astound me again and again. It is genuinely not hard to implement, and considering the risks, it's easy, even, to justify some amount of funding to get it done.

    Even light encryption would render most of these breaches mostly harmless, unless they fell into the hands of somebody with the right expertise and equipment.

  10. Anonymous Coward
    Anonymous Coward

    DVLA & Supermarket parking tickets

    You know those parking tickets, where a supermarket decides you're badly parked, and issues a fine, which the DVLA gives them your home address and such handing out private data in a civil matter that it has no duty handing out. They then send ever increasing threats of fines for the misparking. And quote with pride about how the DVLA is on it's side by giving them this private data?

    Well in the window of your car put a sign "by accepting my business at your establishment, you accept that the maximum fine for misparking will be 1 pound, and that you will reimbursh any and all costs related to fines, clamping, enforcement, my time involved, that of my solicitors, and any and all recovery and other related costs. In the event that you refuse this contract you are entitled to refuse my business."

    Photograph the sign with the supermarket in the background at least once to show they've accepted it (with a receipt aswell).

    You could take it further, stipulate that the supermarket and it's agents agree not to obtain your home details from the DVLA under penalty of 100 quid fine, and agree that if they do so, you are entitled to obtain the home details of any and all supermarket staff it's officers and agents.

    That's fair! Then the supermarket can refuse to serve you if you mispark, or serve you and get the 1 quid fine.

    And it protects you from the DVLA and parking cowboys.

  11. Anonymous Coward
    Alert

    29million incidents of incompetance with electronic Data and IT

    Questions worth seeking answers to:

    Has any Senior Civil Servant or MP been:

    a) reprimanded,

    b) sacked (without golden handshake/pension),

    c) banned from being placed in a position of authority,

    d) faced civil or criminal charges,

    e) all of the above,

    f) None of the above

    ...

    As in most things, our wonderful government scores an F.

  12. Adam Williamson
    Thumb Down

    Imitation?

    Wait a minute - adding up and re-reporting old figures as if they were a new news story? Have you guys been taking pointers from the Labour press team?

  13. Anonymous Coward
    Happy

    @various

    @Dai - There is no excuse, GOV is responsible for the data, and they should ensure all users comply / are responsible for the safety of the data.

    @DVLA & Supermarket parking tickets - shop elsewhere?

    @29million incidents of incompetance with electronic Data and IT - D.O.P.E will now doubt come out with a suitable excuse

    (Department Of Pathetic Excuses)

  14. Anonymous Coward
    Alert

    ...just wait a moment

    The idea that anybody, on either side of the Houses of Parliament, has the slightest idea about data handling, information security &c. is ridiculous.

    All we need do is look at their sent boxes for the stuff they've mailed to themselves to read later, or the attachments they've saved. Let alone the copies with researchers, leaked to the press...

    They are, after all, our peers. We do get exactly what we elected - these aren't thought leaders they're populists and to think they behave any differently to the rest of the populous when faced with hard work is to set a different standard.

    We all know that the reason data is mis-handled is that nobody can be a****d to do it right. Data security used to be easier because handling it was hard work and most security consisted of the person who would do the work saying "No", or "have you got budget?".

    Now it is the work of minutes to get an extract and shut the ******* up rather than have to sit through interminable meetings and email threads climbing up through the organisation.

    Once upon a time, when you had to have authority / budget in order to be able to mail stuff, when creating a copy was hard then you thought about what you were doing. Not least because photocopying a 100 page document was tedious.

    I spend a significant amount of time responding to security / data handling questionnaires and the you can bet I'm the only person in the process that reads the questions and my answers.

    Certainly once we're operational most people's reactions are to want the data sent to them regardless because they can't get PGP approved, nor an sftp site set-up. They don't want strong password controls because they can't remember them... as for their reaction when I suggest that a mail-out might be regarded as a change of purpose...

  15. Anon Koward
    Alert

    @Bigus Dicus

    I fully agree, although the problem is not wholly and solely with the respective IT departments, (all the time anyway!).

    I did a stint recently with a UK government organisation overseeing a large technology deployment. One of the challenges faced was trying to get the users to adopt encryption for removable media. This problem was exacerbated by the fact that the head of HR could not see the need for encryption!!

    Needless to say i was gobsmacked and even though everyone in Technology was pushing for encryption none of the users would allow it.

    Talk about the tail wagging the dog.

  16. Aetyr
    Paris Hilton

    Of course they lost it...

    ...this is the same government who, IIRC, released some kind of statement or had a spokesperson announce, after Hazel Blears' home computer got stolen, saying that all the confidential government data that was on the machine (and never should have been to start with, by the way) was perfectly safe, because Windows had a password on it.

    Yes, the current government believes that it is impossible to crack a Windows password, despite there being hundreds of freely downloadable tools on the intarwebnets which will do just that.

    If they are ignorant of that fact, which I would call pretty basic IT security knowledge, then how can they be expected to keep data safe?

    Paris, because she's well aware of exactly how exploitable all of her security holes are.

  17. Anonymous Coward
    Anonymous Coward

    England expects that every couple will do its duty!

    At this rate, the UK will run out of personal data to expose. Better step up the birth rate if you want to keep ahead of the government!

  18. Professor Quatermass
    Paris Hilton

    Now that we all know each other ...

    ... surely everything's ok again? By now the personal details of EVERYONE have been released, so we can all be friends and secure in the knowledge we can go ahead and stalk the stalkers back.

    Paris because she already has my personal data in her iPhone.

  19. b166er

    Data Protection Act

    Can't think of an easier way to circumvent it.

    DepartmentA wishes to share data protected by the DPA with DepartmentB.

    DepartmentA loses a whole bunch of data, DepartmentB finds it.

  20. Anonymous Coward
    Anonymous Coward

    Yet another reason against socialism and centralized government

    The title says it all.

  21. trackSuit
    Paris Hilton

    CAT5 got your tongue? Another day-trading loss.

    Today's theme is One of Repetition and DeJahFoos. Check out the posts which got the most comments and do them again?

    However in Seventh Heaven's Finest Rose Gardens, are the CAT5 dining on a well deserved Tuna fish supper dDelivered from Russia with Love, and they will not be distracted with handfuls of stale nuggets from passing strangers.

    Money is what IT has been about and what the PupPeT Masters Is doing for IT?

    42 Truly Entertain, does IT take Imagination to make the Servers Purr, for the CAT5 own their Masters, never the other way round -and such is their MuTuAIL Affection that this topsy turvy relationship is Tolerated and Moderated.

    And Paris? -a Fine Feline in Great Cat-Calling Games.

  22. Stewart Haywood
    Joke

    They haven't lost them!

    If you loose your keys, you don't have them anymore and can't use them. HMG still has the records and can still use them, they have just shared them with members of the public. It is reasonable that government should share information with the public. Now come on, it is unreasonable to ask which members of the public they shared them with. If they had shared them with you, would you want the whole world to know? So just rest assured that HMG does not loose things and will never tell the world about the data it has shared with you.

  23. Anonymous Coward
    Thumb Down

    Never mind encryption

    It's just another failure to see the wood from the trees.

    Don't take the data off the premises. Ever.

    Yes... Ever.

    If it ever must be physically transported, then it should be treated with the importance it deserves, not stuck on a CD in an envelope and given to a courier.

    But why should it?

    Just...

    Don't take the data off the premises. Ever.

    Get it?

    The government doesn't.

  24. Jim
    Dead Vulture

    Re: Yet another reason against socialism...

    Yeah, cos the private sector is so much better at keeping peoples details safe...

  25. daniel
    Dead Vulture

    @trackSuit - Oh No Not Amanfrommars again

    Just as you get into reading some interesting comments, you get an el reg bot spouting unintelligable crud

    Dead vulture - What should happen to amanfrommars et al...

  26. Simon
    Pirate

    Response to many posts

    @AC - Be fair chaps

    [quote]Probably some of those 29 million are the same record being lost again...and again and again....[/quote]

    May well be but, as it’s from a different department, there is, very likely to be, extra data from the records lost that will enhance better ID fraud based on all the previous data this government has decided to give away.

    One might believe that this is a deliberate tactic to further the establishment of even more draconian rules that tout the necessity of an ID database so that any personal data “in the wild” can be matched against it in order to stop the terrorists playing out their destruction of the non-complicit with their view.

    @Aetyr - Of course they lost it...

    [quote]Yes, the current government believes that it is impossible to crack a Windows password, despite there being hundreds of freely downloadable tools on the intarwebnets which will do just that.[/quote]

    Absolutely correct. And if you can't be bothered to seek the tools just boot up WinPE on a CD and the access the data without worrying about finding a password. I believe this doesn't apply to Vista though - but I will test that theory tomorrow.

    @Jim - Re: Yet another reason against socialism...

    [quote]Yeah, cos the private sector is so much better at keeping peoples details safe...[/quote]

    The private sector may not be that much better, but as soon as a punter finds out that the company they use has screwed up they can change allegiances, within a few days. The same is not true for government - this is one of the myriad of reasons why allowing government the power over personal data is a complete nightmare and ultimately will lead to the destruction of our democracy.

    I do wonder why there are so many Register news items that basically expose our current government’s “no nothing bonzo” strategy on decent IT, especially, when ultimately, it will lead to their downfall – it’s nonsensical; however, perhaps, this video (http://video.google.co.uk/videoplay?docid=3664960863576873594) may provide some kind of insight – but then again it may not. Who knows?

    Also I wonder why The Register is not digging deeper; are their journalist too scared?

  27. Anonymous Coward
    Anonymous Coward

    Question

    How do you train someone not to leave a laptop (with sensitive data) on public transport ?

  28. Geoff Mackenzie
    Joke

    Not such a big deal

    I don't understand why everyone seems to get so annoyed about this. I mean, I lost 35 million peoples' personal details this morning, and I only got up 10 minutes ago ...

  29. Tony Paulazzo

    How do you train

    > someone not to leave a laptop (with sensitive data) on public transport ?<

    With a whip? No, red hot pokers - <slaps head>, oh, of course, a second home in London with unlimited petty cash to furnish it...

  30. b166er

    @AC

    To train someone not to leave a laptop with sensitive data on public transport, you should subcutaneously implant a device that annoys them if they stray more than 2 feet from it.

  31. Adam Foxton

    @Ad Fundum

    As you've probably read, the government's position on this is:

    "We thought long and hard about the request to make Jeremy Clarkson the Prime Minister and in the end we put our thoughts down in a short film on YouTube. You can take a look here http://www.youtube.com/watch?v=cNy1w4DV5Hw"

    Good to see them doing something useful with their time... still, the less actual "governmenting" they do the less harm they can do!

    Seriously, though, Clarkson would make an awesome PM. Make everything go faster, make Britain far more patriotic over this once-great country (and specifically its cars) and cut a vast amount of red tape from Government. Probably end up with us in a recession from overspending on projects... but as we're almost there already what's the problem?!

  32. Anonymous Coward
    Anonymous Coward

    @AC : DVLA & Supermarket parking tickets

    Bizarrely off topic but what the heck..

    >Photograph the sign with the supermarket in the background at least once

    >to show they've accepted it (with a receipt aswell).

    That doesn't show that they accepted it, otherwise you might as well write

    out a bill of sale for the supermarket building and photograph that next to it.

    Supermarkets very rarely prosecute their customers for parking, doing so just loses a customer so either, 1) The parking must be phenomenally bad, just do it better or 2) It's another organisations car park next to a supermarket. If that organisation is the council, it's government, and so is the DVLA.

    Back on topic.

    Why are they carrying all these laptops around with important data on anyway?

    Can't they just take a précis? Or use a network connection at the other end?

    In lots of organisations I've noticed that possession of a laptop is a sort of status symbol, when that happens it's just a security risk.

  33. AC
    Thumb Down

    figures show that the government "can't be trusted to protect people's personal details".

    That would ring true no matter who was in government.

    don't get me wrong, I'd love to see Our Dave as head honcho right now but I still wouldn't trust anyone far underneath him to do the right thing. Public sector employees don't change after an election after all.

    Politicians are corrupts bastards who all need introductions to the real world or more preferably a chav tio get the right and proper deed done.

  34. Anonymous Coward
    Anonymous Coward

    Tax CDs not posted

    The general understanding in the IT.gov/Security community is that the CDs were almost certainly never posted - i.e. were lost inside the building and never made it to TNT. Its rather less likely they are "in the hands of criminal masterminds" than the Daily Fail would have you believe. Probably went in the bin and are in landfill.

    Still careless and 'at large' though.

    @Supermarket AC - DVLA get paid for giving access to Big Jimmy the Wheelclamper, that's why they do it (naturally).

  35. Anonymous Coward
    Anonymous Coward

    Re: Never mind encryption

    >Don't take the data off the premises. Ever.

    You forgot, and make sure the premises don't burn down or the systems suffer any form of catastrophic failure.

    Never heard of off-site backups?

  36. Anonymous Coward
    Anonymous Coward

    uk.gov or gov.uk

    Shame to hear that the UK government has been subdomained under the American .gov. I much preferred it when they were gov.uk...

  37. Peter Gathercole Silver badge
    Stop

    @THAD

    I take it you don't work in IT then.

    If you do, then I hope you don't have a site disaster, because you will lose (really lose, not 'share') all of the data that should have been backed up OFFSITE.

    It's all a matter of control and process rather than location.

  38. Anonymous Coward
    Anonymous Coward

    @AC : DVLA & Supermarket parking tickets

    "That doesn't show that they accepted it, otherwise you might as well write"

    The parking person must have read it because it clear and in your window and they are at your car, they have the opportunity to refuse (tannoy you to leave the supermarket because your misparked, or tannoy you to correct the parking and pay the quid fine as per your contract terms). The purpose of the photograph is simply to show a judge it's there and clearly visible and readable and always on for a long time (i.e. opportunity to read it every time the car parking is checked) and a similar contract to the plaque they put up.

    The aim isn't to protect you from ticketing harassment however, it's to show that parking is a civil problem and DVLA has no business releasing private confidential information without agreement. It holds that info in trust, a bank wouldn't release your account details just because someone claims you owe them money, so why should the DVLA.

    By adding the term "you agree I can obtain the home addresses of supermarket staff... blah blah blah, DVLA blah blah blah to get the fine for your contract". It's to give a basis on which you can go ask for the DVLA details of the plates in the staff car park.

    Good for the gander.

  39. Anonymous Coward
    Anonymous Coward

    @AC : DVLA & Supermarket parking tickets

    You're wrong, leaving a notice on your car doesn't automatically bind anyone who looks at the car.

    If you can't see that the best thing for you to do is to try it.

    >Good for the gander.

    Duh, it's not their leaving a notice that binds you, it's your _act_ of parking your car there.

    Like I said supermarkets rarely fine customers, either the car park belongs to someone else or you're properly abusing it.

    As for the DVLA thing, are you sure they didn't ask a court for the address?

  40. Anonymous Coward
    Anonymous Coward

    @JonB

    "You're wrong, leaving a notice on your car doesn't automatically bind anyone who looks at the car."

    The *choice* part of my contract is where they make the choice between

    a) Tannoy me to leave (i.e. ask me to leave the supermarket because I won't accept their parking terms, and reject my terms).

    b) Do otherwise.

    "Duh, it's not their leaving a notice that binds you, it's your _act_ of parking your car there."

    The plaque forms an offer of a civil contract, they claim that by parking and not leaving it forms acceptance of the terms on that civil contract (leaving aside questions as to whether you read it). However I have not accepted that civil contract, I have offered my own terms. Those terms are reasonable (mispark = a 1 quid fine) and they have ample opportunity to reject my terms on many occasions.

    "Like I said supermarkets rarely fine customers, either the car park belongs to someone else or you're properly abusing it."

    No, it's common now. They use to employ a person to run the car park, who would tannoy you to say 'Y8364 THG has left the lights on", or "Y8364 THG is blocking a delivery bay can you move it please". Parking companies offered to do it for free, but only if they can issue fines. DVLA made it possible to get home addresses from the number plate for these companies (they even get a computer connection right into the DVLA records). A nice little earner.

    The companies try to maximize the number of fines issued to maximize it's revenue, for the weakest of infringements with the minimum of collection fees. The contract with the supermarket sets the limits they can get away with.

    Some do the clamping game (I read McDonalds carparks do this), they stick the fine on then clamp, or even a tow away. Perhaps McDonalds gets a cut of the revenue, I don't know.

    "As for the DVLA thing, are you sure they didn't ask a court for the address?"

    No sadly the DVLA makes it possible for any individual to obtain the car details on a disputed or false claim, and for the large parking scammers, debt collectors, credit card companies, all sorts of others, they can apply for direct computer access.

    Government not only loses 29 million records, it hands out confidential info too via this DVLA route and many others.

    That Leeds boy was prosecuted on terrorist info charges, part of the case against him was that he had the home addresses of some officials. But I can't help thinking, if he worked for a parking company he could just plug their number plates into the DVLA to get those details, HMGOV is so free and easy with info.

  41. adnim

    I wish

    Labour would lose 349 personnel

  42. Anonymous Coward
    Anonymous Coward

    @AC : DVLA & Supermarket parking tickets

    >The *choice* part of my contract is where they make the choice between

    >a) Tannoy me to leave (i.e. ask me to leave the supermarket because I

    > won't accept their parking terms, and reject my terms).

    So for them to refuse your contract they have to seek you out and make a public notice, but for you to refuse theirs a note in your windscreen is enough?

    It requires an act for a party to become bound to a contract, you've accepted theirs by parking. They haven't accepted yours just because you wrote it down somewhere.

    Try it, you'd be guest of honour on Top Gear if it works, otherwise it'll cost you about 60 quid, plus costs.

    Who's the supermarket? Sounds like they deserve a bit of bad publicity.

  43. Anonymous Coward
    Anonymous Coward

    And wait for the spin

    When New Labour lose 'only' 28 million records next year they'll be able to claim that privacy standards are continuing to improve.

  44. Anonymous Coward
    Happy

    Get a Sthil

    Some do the clamping game (I read McDonalds carparks do this), they stick the fine on then clamp, or even a tow away. Perhaps McDonalds gets a cut of the revenue, I don't know.

    not with a sthil cutter, just leave the bits behind, works every time.!!

  45. spam

    Again...

    so when will someone be accountable for this??? really....

    Imagine if lots of UK people "lost the bills" the government sent them... maybe after a few months they would pull their finger out and stop this happening....

  46. Kevin P.
    Thumb Up

    A title is required.

    Normally I can fully accept that people are stupid enough to do really really stupid things.

    But this is beyond stupid. This is *so* stupid that it makes me blubber at the mouth and, my subconscious creates possible scenarios with which to explain the event which dont involve everyone in all of levels of government quite seriously having special needs.

    The idea that Britain is flooded with Russian spies who are exporting data as part of some plot to further destabalise our messed up society becomes *preferable* to the *slightly* more likely explanation that our country is being run by a bunch of dope-head, university drop-out scumbags high from the fumes of each others absinthe-ladenm piss.

This topic is closed for new posts.

Other stories you might like