If the number is accurate, it sounds surprisingly (and creditably) low to me.

It would be interesting to know how many laptops are in the hands of gov departments (and their contractors) - I'm sure it must be thousands. Anyone who is responsible for more than a hundred laptops knows that 'shrinkage' is inevitable - whether though stupidity, negligence or targeted theft. If you need to use portable devices, occasional losses are the cost of doing business, you can (and should) minimise the risk, but you can't eliminate it completely.

The best solution is to ensure that no data is held locally (<cough>Citrix</cough>) or, failing that, strong encryption (preferably not involving a password stuck underneath the device). The 'unloseable' portable device has never existed and will never exist.

So, the MOD and HO didn't respond! The most important departments as far as data loss is concerned, 'asked' by parliament and didn't respond? A fine demonstration of the power of parliament.

It can't really be a surprise that at least one a week goes 'off the radar' given the massive PC estate that the Government runs. Any large enterprise would probably suffer from similar problems.

You're never going to be able to stop staff leaving them in taxi's, the general public stealing them, assets being moved without permission or laptops not being collected from staff who leave. What it does highlight though is that its ESSENTIAL to ensure ANY data storage is encrypted and that your asset management systems accurately lists all accesses available so that when the loss is discovered, you remove access permissions.

"Despite a £20, 000 reward for the child benefit discs and a 47-officer strong police investigation they were never found."

Personally, I doubt they ever existed. Two discs gone missing between one department and another? Sounds like a classic case of the old 'No, of course I didn't forget to send them! What? Do you mean to say they never showed up?'

All it takes is for it to be reported to an unusually conscientious person with any idea of the actual magnitude of this kind of loss, and what was previously a fib to get you out of a tight spot is now a major news story and police investigation.

On the positive side, this (as I believe) fake data loss story did seem to prompt other government departments to start 'fessing up to their own losses, which as we've seen are substantial.

my company numbering about 300 imployes lost 4 laptops in 1 year

but as a result I am now involved in rolling out a truecrypt system to all employes

Nope, guess again, I've got 'em.

Anon because, well...

"Don't care, won't care." Nuff said. What a bunch of Red Queens.

That Shaps chap is one to watch. I wonder what his vus are on the dial 080808 Ossetia adventure. Same as Callme Dave's peradventure?

>Despite a £20, 000 reward for the child benefit discs and a 47-officer strong police investigation they were never found

I seem to remember they went via a certain delivery company, who are probably the ones who lost them. If that is the case, then the disks are in Belgium. I worked on the system that would have tracked the disks, and it has a default of "if not sure, deliver to main depot in Belgium".

But my main comment is simple - the government needs to implement a simple "if you lose or leak data on individuals, you go to jail" policy. On the other hand, non-personal data related to government, that should be public - they're our government, we should be entitled to know what they're up to.

How many other things have gone missing without being reported.

How many departments allow users to use any USB media without encryption? Would such a user report the fact that they'd copied some data to their personal USB stick and lost it, or would they keep quiet and go out and buy another USB stick?

How many users have manage to get sensitive data onto their home PCs? How easy is it, on the government's networks, to export some data to a flat file and then copy that data to removable media or email it out? How many users manage to lose track of data like that?

But if things like that do go on I doubt that ministers even want to know about it. So long as they don't know about it they don't have to report it.

"We don't need a review of policies . We need hefty fines and prison sentences for INDIVIDUALS RESPONSIBLE for the loss of equipment containing unsecured personal data. Simple."

Ah, but which individual is responsible, pray tell? The lowly flunky who had the misfortune to have a laptop stolen while refreshing himself after an arduous workday? Or his manager, who clearly didn't *manage* him? Or the operating policy wonks who fill notebooks inches thick with detailed, explicit policies, but never trouble themselves to tell the troops about them? Or, God forbid, the minister responsible for the department at fault? (BTW, what ever happened to the concept of ministerial responsibility? Did Wakkyjakky have her way with it? <shudder>)

Ash's emphatic demand that _somebody_ be held accountable is understandable given the repeated demonstrations of public sector IT muppetry, but I fear his proposal would become an excuse to make the proverbial lowly flunky a scapegoat for more profound failings much higher up in the hierarchy.

And thus serve as a mechanism for those truly responsible to escape all blame. Since it seems to be a guiding principle of NuLabour that all blame must be avoided, you can see how the proposed policy would play into the hands of Those We Love to Hate.