Guess the password.
Posted Thursday 28th May 2009 14:47 GMT
"Data on the drive ........ was password protected"
Let's try and guess what that might be.
pens1on
passw0rd
northgate1
Posted Thursday 28th May 2009 14:19 GMT
"Quest to free all world's imprisoned data continues"
Funny until you realise it may be true...
Posted Thursday 28th May 2009 14:47 GMT
My wife's details are on that laptop.
I'd love to know why they needed to use live data for testing & training purposes...
Posted Thursday 28th May 2009 14:47 GMT
I hope they included those uses in the data protection information that was given to the real users when all the data was captured... we wouldn't want any further DPA violations, would we?
Posted Thursday 28th May 2009 14:47 GMT
TRUECRYPT
TRUECRYPT
TRUECRYPT
Sheesh. I can't believe that these people *still* don't know the basics of securing sensitive data. I'm just glad I don't have any insurance, pension, bank accounts, or presence with the government. Hmm, where's my tinfoil hat?
Posted Thursday 28th May 2009 14:47 GMT
1. encrypt your hard drives, esp. on laptops - password protecting Excel files does not count.
2. transfer data on line (if you have to), not on a disk with the password on a Post-It attached to it.
3. Reduce the number of records / fields if you have to hand it out for testing or statistical analysis.
4. Anonymize records if you have to hand it out for testing or statistical analysis.
There, that would have stopped 90% of the embarrassing data losses.
That leaves deliberate leaks and data theft.
If you're an MP wanting to cover up expenses claims, you're F**ked.
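Points 3 and 4 of the list above (fewer fields and records, anonymised values) as an added example, not part of the original comment; the record layout, field names and key are constructed for illustration.

```python
import hashlib
import hmac

# Allow-list of fields copied unchanged into the test set (point 3).
# Anything not named here (name, address, bank details) is never copied.
PASS_THROUGH = ("scheme", "contribution_pence")


def pseudonym(value: str, key: bytes, length: int = 16) -> str:
    """Keyed, deterministic token: the same input always gives the same
    token, so joins between tables still work, but it cannot be reversed
    or recomputed without the key. 16 hex chars = 64 bits of the HMAC."""
    digest = hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()
    return digest[:length]


def to_test_record(record: dict, key: bytes) -> dict:
    """Build a test-safe copy of one live record (point 4)."""
    out = {field: record[field] for field in PASS_THROUGH}
    # Replace the real identifier with a keyed pseudonym.
    out["member_id"] = pseudonym(record["national_insurance_no"], key)
    # Generalise date of birth to a year; enough for age-band testing.
    out["birth_year"] = int(record["date_of_birth"][:4])
    return out


def export_for_testing(records: list, key: bytes, limit: int) -> list:
    """Point 3 again: hand out only as many records as the test needs."""
    return [to_test_record(r, key) for r in records[:limit]]


# Constructed sample data; every value below is invented.
LIVE = [
    {"name": "A. Example", "national_insurance_no": "QQ123456C",
     "date_of_birth": "1961-03-14", "address": "1 Sample Street",
     "bank_account": "00000000", "scheme": "DB", "contribution_pence": 18250},
    {"name": "B. Sample", "national_insurance_no": "QQ654321A",
     "date_of_birth": "1974-11-02", "address": "2 Sample Street",
     "bank_account": "11111111", "scheme": "DC", "contribution_pence": 9900},
]
KEY = b"constructed-demo-key"  # assumption: the real key stays in production

if __name__ == "__main__":
    for row in export_for_testing(LIVE, KEY, limit=2):
        print(row)
```

The key must never travel with the test copy. Birth year plus scheme can still single people out in a small data set, so check group sizes before release.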
Posted Thursday 28th May 2009 14:47 GMT
Testing using live data?? - "it was being used as a database for development, training and performance testing".
Idiots.
Posted Thursday 28th May 2009 16:03 GMT
In Spain, it is explicitly unlawful to use confidential data in test, development, etc. And it is also a no-brainer.
Posted Thursday 28th May 2009 16:05 GMT
Cost of disk encryption software: <£50 (<<£50 in bulk)
Value of not having your name splashed all over the press as the biggest bunch of incompetent wasters since the last lot: priceless.
Posted Thursday 28th May 2009 16:05 GMT
If the laptop was _stolen_, could the data be described as _lost_?
(It's been a tiring day...)
Posted Friday 29th May 2009 00:06 GMT
... that way there is the maximum probability of everything going wrong when the application/web-site/whatever goes live. Please let them test on live data at least a couple of days before going live.
The other thing: why are we hearing about this kind of thing so much? Are they softening us up, getting us used to the idea of all our personal information being known by everyone, so that we learn to accept having no privacy? I can't think of any other explanation of all these announcements. Surely in decades past this kind of thing would have been hushed up?
Posted Friday 29th May 2009 00:06 GMT
Surely if the information's that sensitive, for a vendor to be able to pore through it at their leisure is a blatant and inexcusable breach of DPA!?!
Someone had better get their face nailed to the wall for this, but they won't.
Posted Friday 29th May 2009 00:06 GMT
Having missed by only a couple of days having my details revealed in the Great Child Benefit Data Giveaway, the Pensions Trust have finally managed to do it.
Knowing the ICO can and will do nothing more than shake their heads and say "Tut, tut, tut", is there any basis for private legal action against these muppets, or does one have to prove monetary loss?
Posted Friday 29th May 2009 00:06 GMT
to the data protection act question? Can someone in Government also explain why we should trust them to run an ID card system with this track record?
Posted Friday 29th May 2009 00:06 GMT
"In Spain, it is explicitly unlawful to use confidential data in test, development, etc. And it is also a no-brainer"
Sorry, but that's a pretty silly law.
In special cases we use live production data for QA; it is in a very controlled environment (a special QA environment for live data) and has full production policies and controls. Sometimes it is almost impossible to use dummy or obfuscated data if you want to do really good overall QA and/or there is data backfill being done.
It's not about not using live data in development, it's how it's controlled. Clearly they did not have a good policy in place.
Posted Friday 29th May 2009 09:51 GMT
I just got back from London having had a few pints with some of the lads from the old firm, and they mentioned they're already preparing for the forced ID card deployment. "Clean" (spotless CRB check) people are being spoken to about getting jobs with the contractors.
The data alone is valuable, and that'll go walkabout pretty quick, but having someone on the inside savvy enough to manipulate it or install some MITM trickery and it's a "digital fucking diamond mine" as one of them put it.
Posted Friday 29th May 2009 10:07 GMT
Not to mention a laptop with confidential data on it.
Posted Friday 29th May 2009 11:05 GMT
"Data on the drive was not encrypted but it was password protected"
It's not a *database*, it's Access
(It is, isn't it?)
AndyD 8-)
Posted Friday 29th May 2009 16:32 GMT
Well, MS Access is a database. You might have strong objections against MS Access (I do as well), but it is still a relational database.
If it was MS Access 2007, then it could be encrypted using the decent ACCDE format (please note the word decent; I did not use the word good).
Posted Monday 1st June 2009 10:27 GMT
The comments on here are interesting as they show that all anyone really cares about is the data on the device, not the device itself.
The data in this case isn't protected by encryption, just a password. But knowing the data is on the device, would it make any difference to people's perceptions that their private data is on that device?
Surely knowing the data has been removed from the device would be a lot better? Utilising the internet or mobile phone networks you can receive this reassurance through a tool like BackStopp. The data is removed and a report is made available detailing the removal of such data. What price would the company in question pay for that functionality now?