Parents concerned that new government databases might lead to their children’s data being lost or stolen were this week able to pilot the experience courtesy of a Leicester-based nursery, which appears to have "misplaced" a data stick containing details of children in their care. At time of writing, Leicester City Council, which …
As bad as any data loss is...
At least it sounds like they had the policies, resources and training in place to minimise the risk which is more than can be said in the case of some of the other data losses reported in recent history.
Of course, one can never eliminate the human element. Bring on our robot overlords.
A well known phrase...
...springs to mind, one the government should remember "Only as strong as the weakest link.".
Why is this sort of data on a memory stick? Why? Why? Why? It's just madness. Why? For some people huge leather bound ledgers with 4 foot square pages is the only way forward.
Can't think of a title
This is what happens when the government gets too involved in education.
Fine every body (government or not) £80 per name lost and pass this on to every person listed on the database that was lost.
£80 seems to be the going rate IDs...
Alternative, pass legislation that all data to be transferred (over the internet, on a CD, memory key etc.) must be encrypted to a suitable level and the keys maintained in accordance with a suitable strict standard. The penalty for not complying is 1 month in jail plus a substantial fine (e.g. 6 months salary)... need the jail element or the Sir Humphreys of this world still won't care.
"The only question remaining...."
".... is whether staff at the nursery involved actually followed the council's policies."
Which is the whole ID cards/personal data/medical data/whatever in a nutshell.
The Council policies are pretty good. They sound inspiring and comforting. My money's on someone cutting a corner or two, maybe even to save the Council some money, and inevitably the most junior person involved will be thrown out as a warning. It won't fix anything, any more than it did for the benefits fiasco, et al.
OK, I admit it - I fired off my first comment after seeing just the headline and not actually reading the article.
Can government not touch *anything* these days without losing sensitive information?
Yet another instance of more public information going missing, yet again it's some idiot putting sensitive data on an easy-to-lose memory stick and yet again it's a piss-poor apology.
They need to sack the person involved and the ICO needs to have stringent guidelines and penalties in place. If people can't use common sense then maybe they need the fear of being sacked and prosecuted to make them take data protection seriously...
Names, addresses, dates of birth and telephone numbers are easy to obtain. Since these were children, they probably didn't use telephone or internet banking. So, what the hell is a crook supposed to do with this information?
Anyway, it's only 80 names. I'm sure you could easily obtain thousands of names, addresses, dates of birth and telephone numbers from public records.
OK, it's bad that people weren't following the security policy, and perhaps something more sensitive will be leaked next time, but I'm totally failing to get the slightest bit excited by this report.
And the government still...
announces that as of January 2009 ContactPoint db for kids will be up and running.
Why do they continue down this path of obsessive data collection? I've certainly got to believe, now, that Wacky Jaqui has an OCD focused around data collection.
The more data in one place the more the pertinent information gets obfuscated and the more siginificant the impact of data loss when it is made public through incompetent twats.
If this was a private nursery...
..then everyone would pull out and bankrupt them, lesson learnt.
Unfortunatly it isn't.
Why was this data even on a memory stick.
Why, why, why, no seriously why?
The nursery staff concerned will be fined and heads will roll for its loss of these 80 pieces of info. Nothing like a good scapegoat within their remit to make the Civil servants happy.
Meanwhile, trebles all round, promotions and fat bonuses at the Home Office, DoD, DfT etc. etc. etc.
@Joseph Haig. We need a better explanation of "responsible" before you castigate yourself. It could mean anything from "listed on our list of approved nurseries" to "staffed, funded and run by us". I reckon it's most likely somewhere between the two.
What's wrong with all these people??
How difficult is it to not lose unencrypted data? Either encrypt it, or do not carry it around on portable, easily lost/stolen devices.
Why is it...
...that every time some organisation loses confidential data, the first thing they do is put a talking head in front of the camera who says;
"We take the issue of data security extremely seriously."
Well no - clearly you don't. Otherwise you wouldn't be standing there mouthing platitudes.
"...maybe even to save the Council some money..."
That the council could have used a free, open source product such as TrueCrypt.
It is more likely that whoever created the memory stick couldn't be arsed with protecting personal information.
Certainly think we should get in some penalties for £$%^ing up like this. How about a £5000 fine and a year in jail for a first offense, followed by sterilization, branding and enslavement for a second offense? Too harsh?
I'm with the other AC
names and addresses, Telephone numbers, dates of birth...
At our nursery and primary school for that matter, we (all parents) are provided with exactly this list for all the classmates of our children, If I remember rightly it was sent via email from the parents representative of the class. It is of great help in arranging meetings for offspring, passing on information on measles/flu/tummy problems not to mention gossipping other halves, Yes, we were asked if we would like to be on the list or not.
I'm struggling to find a reason why this "loss" is a real problem. And why would anyone want to move house because of it ... mountain meet molehill !
Ok worst case... Someone has moved house because of a child/wife/husband beating partner, and now this information has been lost. of course it's obviously going to find it's way to the convicted beater and he/she will exact revenge. I suspect the chances of the data reaching him are much less than the chances of him/her actually happening upon his/her victim in the street.
Please keep things in perspective in future .
Cos the kids are listed on system A that you inherited from the dept of health and the nurseries are on system B which used to be administered by the dept of industry before they were merged, renamed, split up and reorganised.
There is no way to transfer information between them, you no longer have an IT dept who could knock up a quick SQL query cos it got outsourced. You could ring up IBM/EDS/Fujitsu/Cap-Gemini or whoever now runs you, but a simple SQL query will end up costing a couple of £M and take 10years.
So you do it the way 90% of data processing is done. You copy it so a usb stick, dump it all into Excel and spend a day cutting and pasting columns around.
Names, addresses, dates of birth and telephone numbers are easy to obtain. Since these were children, they probably didn't use telephone or internet banking. So, what the hell is a crook supposed to do with this information.
Apply for credit in the kids name. Some people are really daft.
Did anyone ever loose anything in years gone by ?
Of course they did, so why the fuss when it happens now ? I do remember a few stories of paper files on the council tip, etc.
Partly because this sort of loss has become a popular press meme and also the amount that can be lost is so much greater -- to have lost what you can put on one memory stick you would have had to have lost a barrow load of paper (at least).
Don't get me wrong: it is right that we should castigate those who are careless with data and everyone needs to learn to be more careful.
Still don't get it. Personal information is just that. If the parent WISHES to share with other parents, that is their choice. It shouldn't be shared because (1) some ditz lost a usb stick, (2) some wamker left the door open (literally or figuratively) to the database (oooohhh, the databases are coming, the databases are coming!)...sorry.
A database only makes it that much easier to get access to your child if this information is left wild. Ok, so you're not worried about paedos. I'm not particularly worried either. On the other hand, there's more wackos out there than just paedos; and I'm not wanting ANY of them having direct access to info about my sprog, thank you.
Even Paris knows that personal information in the wrong hands causes problems.
names and addresses, Telephone numbers, dates of birth...
At my kids' primary school I think they'd rather dance naked in the playground than hand over such information to new parents. We did get a list of children in the class, probably because that was simpler than preparing a custom letter for each parent, but all else is secret. Still, it gives us something to talk about for the first few weeks of term and it doesn't stay secret for long.
But good security practice is that where there is no need to know, there's a need not to know. That applies to nursery contact lists just as much as it applies to a national child database, if only because one set of rules is easier to enforce than two and "easy to enforce" is clearly a requirement when you are dealing with government.
Paris, because she knows the difference between her secrets and her privates.