New data security checks for EDS
New data security checks for EDS
Personal details of 256 staff were lost, Mr Straw said |
The justice secretary says computer giant Electronic Data Systems will face annual audits of its security standards after a recent loss of sensitive data.
Jack Straw said EDS would also bring in "appropriate classroom and computer-based training packages".
The changes came as a review concluded that 256 National Offender Management Service staff's personal details had been on a hard drive lost by EDS.
Meanwhile a separate review said thekey to security was "high morale".
The loss of the data on a hard drive in July 2007 did not come to light until July 2008, which Mr Straw said was down to the "the inadequacy of EDS's tracking system".
Encryption
In July EDS informed the NOMS's IT security team but, says Mr Straw, the security team "did not take sufficient action... with the result that senior officials and ministers were not aware of the loss until 6 September".
At the time it was feared that up to 5,000 people's details could have been on the lost hard drive, but Mr Straw said the investigation found it "contained 256 items of sensitive personal information that could potentially, if in the public domain, cause damage to that individual, namely, bank details, address details, and National Insurance numbers coupled with dates of birth".
The key determinant of good security has always been and remains staff with high morale and sense of purpose Sir David Omand |
He added that "there remains no indication that this information has entered the public domain".
Mr Straw's written statement to MPs says that the hard drive was lost after a disaster recovery exercise when EDS "failed to take adequate measures to track or record the location of the hard drive when it was transferred to another site".
"This did not comply with data protection principles, and also meant that the investigation could not identify precisely when or where the hard drive went missing," he said.
"The possibility of theft has resulted in this matter being referred to the West Mercia Police. EDS is taking appropriate action, which will include disciplinary action if necessary, concerning the staff involved."
He outlined a range of new security procedures being planned and said "the number of transfers using removable media will be reduced, and encryption will be introduced on removable media".
Meanwhile Cabinet Office minister Liam Byrne made a separate statement to MPs about the Omand Review into the loss of two Joint Intelligence Committee assessments.
'Sense of purpose'
One was into the state of Iraq's security forces, commissioned by the Ministry of Defence. The other one looked at al-Qaeda's vulnerabilities.
Mr Byrne said that an individual had been convicted under the Official Secrets Act and that Sir David Omand had concluded "the documents were mislaid because of the direct actions of the officer".
The statement added that Sir David "also observed that no security system that is both affordable and allows for the efficient conduct of business will provide proof against all forms of human error - and that the key determinant of good security has always been and remains staff with high morale and sense of purpose".
It also says Sir David "has recommended a number of additional and affordable measures covering security education, practical procedures and emergency arrangements that would reduce some of the more likely human failings".
"An example of the sort of measures recommended that can be made public without damaging security is the introduction of spot checks," Mr Byrne added.
The statements were issued on the first anniversary of the news breaking that a CD containing personal details of all UK child benefit claimants had been lost - the incident which led to Whitehall-wide reviews of data processing and a series of other data security breaches being revealed.
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home