Dug Campbell

It’s in the post. Honest.

Here we go again.

So I see that the Ministry of Justice has announced today that it has lost data relating to three sensitive, serious and high profile police enquiries. Apparently the material was stored on CDs that were posted but have yet to arrive.

Now accidents happen. Perhaps. But this can’t be written off simply as an inconsequential mistake. Professor William Buchanan of Napier University hits the nail on the head for me in a post when he asks three key questions:-

1. Who still relies on CDs?

In an age of USB sticks, SD cards, cloud storage and laptops that no longer come with CD drives, why are CDs even being used?

2. Where were the basic security methods?

Secure processes require security in each of the three states of digital data. This means protecting data in use, data in motion and data at rest. It’s hard to see how storing data on CDs that you post ticks any boxes here.

3. Where was the process?

Of course, all the precautions in the world are useless if people get to choose to do whatever they like within an organisation. With no encryption on the documents, no encryption of the transport chosen and no restriction on access to the data, it paints a pretty damning picture of the attitude that such institutions take to the protection of such sensitive material.

The worrying thing is that as such centralised institutions seek and are granted – openly or otherwise – access to more and more comprehensive information about the lives of those within society, the potential damage wreaked as a result of such bad practices grows daily.

These occurrences are becoming far from unusual. It’s only a few years since the personal details of the families of 25 million child benefits claimants were ‘misplaced’. And if they fail to take even basic security measures, it’s not hard to understand why individuals are increasingly turning to encryption to protect their own data (despite others’ misguided attempts to prevent this).

As Professor Buchanan suggests: get industry in there to educate them. The stakes are too high to leave it to chance.