The Home Office has had to dramatically revise its estimate of the amount of data lost by a contractor within the last year. In January 2009 we initially reported the data breach; however, the department’s latest report states that the unencrypted USB device containing Police National Computer and prisoner data actually held 377,000 records, which is 250,000 more than originally reported.
This revelation will raise further questions about the ability of government to safeguard data, especially when that data is being handled by third-party consultancies. This security flaw should emphasise the importance of data security for not only public but also private organisations, especially when handling live, stored and backed-up data of a confidential nature. As always, organisations are directed to follow the industry-recommended standards for data protection, such as encryption and online backup.
Information released by the Home Office showed that PA Consulting was paid an enormous £24.5m last year, up from just £8.4m the previous year, owing to its work on the National Identity Scheme and the Interception Modernisation Programme. Having such prestigious and secure programmes in place, one would expect data to be securely stored and transported in an encrypted format at the very least. With market-leading technologies offering WAN optimisation, de-duplication, encryption and compression as standard, the efficient and secure transportation of data offsite should be the bare minimum expected.
After the data breach last year, it has come as no surprise that the Home Office terminated its contract with PA Consulting and carried out “a full review of the system and procedures” that led to the breach. Following the data loss, an investigation was completed and a member of PA Consulting’s staff was consequently fired. To this day, the memory stick has never been found.
This final response is designed to retain confidence in the Home Office’s practices. A spokesperson stated, “The department will continue to monitor and assess its information risk in the light of these events, in order to identify and address any weaknesses and ensure continuous improvement of its systems.” The Home Office will therefore, without doubt, be exploring encryption, online backup and disaster recovery solutions to ensure that data is not only securely protected but always recoverable, to avoid any future embarrassment.