Skip to main content

More tales of CD-ROM database woe emerge from UK government agencies over the weekend

Cyber-Ark warned organizations of the need to constantly review their data protection procedures as news of another pair of CD-ROMs going walkabout from a UK government agency emerged over the weekend.

"The News of the World has revealed that a former contractor for the Department for Work and Pensions had two CD-ROMs containing details of thousands of benefit claimants in her possession for more than a year," said Calum Macleod, European Director with Cyber-Ark.

"Coming so soon after the HMRC CD-ROM Fiasco, this highlights several errors of procedure within a number of government departments.

It also highlights the need for all organizations, whether public or private sector, to control who has access to their data encrypt their company and client databases," he added.

The Department for Work and Pension CD-ROMs - which reportedly contained the names, addresses, DoB and NI numbers of up to 18,000 claimants - languished in the former contractor's possession after she left the government agency and forgot to return the disks.

"There are several significant errors of procedure here. Access to the data should only be possible with the permission of senior internal staff, the disks should have been encrypted, and should not have left the office without audit logging systems being applied, and should have been retrieved by the agency following the contractor's departure," said Macleod.

"It’s unlikely that anybody’s head will roll for this second CD-ROM database fiasco, but until such time as the public sector and the government invest in the technology that is readily available to avoid these repeated breaches of the data protection act they should put their national ID scheme on ice. Who knows what else is out there in the public domain," he added.

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.