Here’s another UK Government data breach.
At least UK.gov recognises an obligation to disclose its breaches; but are we supposed to believe that breaches are not happening at the same rate in the private sector? I think not. My experience is that many parts of the private sector are even more culturally flawed around personal data management than the public sector.
According to this article by Matt Flynn, another 80,000 records are gone.
Here's a nice link for posterity.
I wonder who will be first in 2008? It won't be too long before we find out, I suspect.
I would not even attempt to keep up with the wonderful job the Open Rights Group is doing of providing running commentary on Discgate.
But I would like to compare and contrast the three main privacy 'scandals' of the last few weeks in order to show the need to manage the problem at both the overall level and the specific component level.
To do so I've completed a 'remote' Trust Index assessment of Facebook, Sky TV and HMRC; 'remote' meaning based only on what I can assume or glean from outside the organisation.
The three scores are shown below:
[Trust Index score charts, not reproduced here: Facebook; Sky TV (UK); HMRC]
As we see, this exercise shows that organisations may score broadly the same on the Trust Index, yet have significantly differing dynamics within that score.
Beyond that, we should note that scores below 50% on the index are poor anyway. Unless organisations are scoring a minimum of 75% on the index, they are not trying hard enough and are allowing other business factors to override their respect for the personal data of their customers.
This appalling loss of 25 million personal data records by Her Majesty’s Revenue and Customs has to become the tipping point for a marked increase in respect for personal data across all of UK government and beyond.
And this on the back of last week's revelation that the Foreign and Commonwealth Office had breached the Data Protection Act.
More resignations please, and then some strong proposals on how to transform the situation.
This is unlikely to be based on an 'honest, we'll do better next time' approach, or even on bringing in data breach legislation after the horse has bolted. Project VRM and the User-Centric Identity Community: please help!
Contrary to House of Lords recommendations, the UK Government are refusing to introduce data breach notification laws.
According to a House of Lords spokesman, Lord Errol, the UK government ‘does not get the threat to the internet posed by cybercrime’.
'The powers would apply to government as well as the private sector. We think that's why [the government] is resisting it,' said Lord Errol.
A very timely quote, given that on the same day it was announced that Revenue and Customs had 'lost' a CD containing the personal details of 15,000 Standard Life customers.