Insurance & Technology is part of the Informa Tech Division of Informa PLC



Stupidity and Negligence Result in Staggering British Data Privacy Breach


On Tuesday Nov. 20 the British government disclosed a staggering breach of data privacy as the result of the loss of two CDs that a junior tax official attempted to send to the National Audit Office by courier. The NAO never received the disks, and they remain lost. The Guardian reports that the disks contained the unencrypted personal information of 25 million citizens, "including their dates of birth, addresses, bank accounts and national insurance numbers...opening up the threat of mass identity fraud and theft from personal bank accounts."

Whether this was the worst data breach in history is a matter of the criteria one applies. As this New York Times article explains, last year's leak of veterans' Social Security numbers affected 26.5 million and a former America Online engineer stole information belonging to 92 million people. However, the British breach was shocking not merely for the sheer numbers involved, but the proportion of the population and the nature of the information and its potential for harm.

The incident has created significant political turbulence in the U.K., including calling into question the efforts of the Labour government to institute mandatory national ID cards, which require individuals to disclose sensitive personal information. Responding to Labour Prime Minister Gordon Brown's apology yesterday, Tory shadow chancellor George said that "Public confidence in the government and its ability to protect information has been destroyed." The otherwise well-regarded head of the tax agency, Sir Paul Gray, resigned Tuesday.

Whatever this means for the British government and governments in general, the incident once again sounds the general alarm about the vulnerability of private data that individuals choose to or are forced to disclose to supposedly responsible parties. And it shows once again that clever security measures focused on defense against malice may be inadequate in the face of official arrogance, laziness, stupidity and plain incompetence.

The effectiveness of security safeguards depends on the compliance of those with access to sensitive data, as emphasized by Dr. Mirielle Levy, head of identity management standards at the U.K.'s Identity and Passport Service (quoted in the ID card story linked above): "You can have all the virus checkers and pretty IT you want, but the real problem is people."

Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ...
