Manufacturers need to constantly review their data protection procedures, warns digital vaulting and data encryption specialist Cyber-Ark as news of another pair of CD-ROMs going walkabout from a UK government agency emerged over the weekend.
“The News of the World has revealed that a former contractor for the Department for Work and Pensions had two CD-ROMs containing details of thousands of benefit claimants in her possession for more than a year,” says Calum Macleod, Cyber-Ark uropean director.
“Coming so soon after the HMRC CD-ROM fiasco, this highlights several errors of procedure within a number of government departments. It also highlights the need for all organisations, whether public or private sector, to control who has access to their data encrypt their company and client databases,” he adds.
The Department for Work and Pension CD-ROMs – which reportedly contain the names, addresses, dates of birth and national insurance numbers of up to 18,000 claimants – languished in the former contractor’s possession after she left the government agency and forgot to return the disks.
“There are several significant errors of procedure here. Access to the data should only be possible with the permission of senior internal staff; the disks should have been encrypted and should not have left the office without audit logging systems being applied; and they should have been retrieved by the agency following the contractor’s departure,” says Macleod.
“It’s unlikely that anybody’s head will roll for this second CD-ROM database fiasco, but until such time as the public sector and the government invest in technology that is readily available to avoid these repeated breaches of the Data Protection Act, they should put their national ID scheme on ice. Who knows what else is out there in the public domain,” he adds.