Now its The Government Gateway’s turn..

According to this BBC article.

I like the bit about it being inconceivable that the data lost could cause problems.

Surely it would be better to be inconceivable that such data could be lost in a pub car park in the first place!!!!

How strange, someone just e-mailed me their sales prospect list…

….by mistake I assume.

I won’t embarass them by publishing the spreadsheet in which they talk about their approaches to different clients and likelihood of success.

…whodunnit? I won’t name names, but will say it was an accounting firm with the initials P, W and C in their name…

Two breaches on the one day…

It can’t be easy being in the military services these days; so why make it worse by doing this…

And just in case you thought it was all public sector, here’s one from Deloitte.

Is it only Government who loses data at this rate?

Here’s another UK Government data breach.

At least we see that UK.gov recognises the obligation of exposure; but are we supposed to believe that breaches are not happening at the same rate in private sector? I think not. My experience is that many aspects of the private sector are even more culturally flawed around personal data management than the public sector.

89% of Security Breaches Unreported

According to this article by Matt Flynn.

PA Consulting….shame on you!!!

Another 80,000 records gone.

Top 10 Data Breaches in 2007

Here a nice link for posterity.

I wonder who will be first in 2008? It won’t be too long before we find out I suspect.

Contrasting Problems…

I would not even attempt to keep up with the wonderful job the Open Rights Group is doing of providing running commentary on Discgate.

But I would like to compare and contrast the 3 main privacy ‘scandals’ of the last few weeks in order to show the need to manage the problem at both overall level, and at specific component level.

To do so i’ve completed a ‘remote’ Trust Index assessment of Facebook, Sky TV and HMRC.; remote = that which I can assume or glean from outside the organisation.

The three scores are shown below:

Facebook

Sky TV (UK)

HMRC

As we see, this exercise shows that the organisations that organisations may score broadly the same on The Trust Index – but have significantly differing dynamics within that score.

Beyond that, we should not that scores below 50% on the index are poor anyway. Unless organisations are scoring a minimum on 75% on the index then they are not trying hard enough and are allowing other business factors to override their respect for the personal data of their customers .

The Straw (Data Breach) that Broke The Camel’s Back

This appalling loss of 25 million personal data records by Her Majesty’s Revenue and Customs has to become the tipping point for a marked increase in respect for personal data across all of UK government and beyond.

And this on the back of last weeks revelation that the Foreign and Commonwealth office had breached the Data Protection Act.

More resignations please and then some strong proposals on how to transform the situation……

….This is unlikely to be based on an ‘honest we’ll do better next time’ approach, or even bringing in Data Breach legislation after the horse has bolted – Project VRM and User-Centric Identity Community….please help!!!!

Data Breach Laws Rejected in UK – Now We Know Why..

Contrary to House of Lords recommendations, the UK Government are refusing to introduce data breach notification laws.

According to a House of Lords spokesman, Lord Errol, the UK government ‘does not get the threat to the internet posed by cybercrime’.

‘The powers would apply to government as well as the private sector. We think that’s why [the government] is resisting it, said Lord Errol.’

A very timely quote, given that on the same day it is announced that Revenue and Customs have ‘lost’ a CD with personal details of 15,000 customers of Standard Life.