A Freedom of Information request by infrastructure specialist Software AG reveals that more companies and government departments than ever are reporting data losses to the Information Commissioner's Office. There were 356 self-reported data losses this year - between November 2008 and September 2009. This compares to 190 …
You have a choice...
Spend money on people and training to avoid data leaks
Or do nothing and worry about it after it all goes wrong.
I mean what's gonna happen.
No fine, no imprisonment, no penalties at all.
Thanks NuLabour - The rich get richer and we.... we are just a commodity to make even more money from and to spy on
Does anyone know if the figures include data that was "lost" but adequately encrypted (if you can say there is such a thing)? I ask this, not as a get out, but I wonder if people who are conscientious enough to report it are more likely to have tried in the first place (i.e. encryption) and the ones who don't bother fessing up at all are the total non-encrypted numpties.
Every time there is a data loss and there is no evidence whatsoever of steps having been taken to avoid data loss, sack the CEO and head of IT.
That'll make them get off their arses!
All part of the plan
As you may be aware by recent revelations about immigration, where the general public thought it was official incompetence that opened the flood gates, and it has been revealed by a senior civil servant that it was all part of the plan. Well it is the same with data loss, no action is being taken against those because it's part of the plan. They do not want you to have private data, if it has been leaked so often, then I think it's a cover for something else.
We use whole disc encryption, here at work
If the laptop gets stolen it still counts as 'data loss', but at least everything on it is AES 256-bit encrypted. It puts a small extra load on the read-write operations of the laptops, but since most of my files are actually read from, and written to, mountpoints that are often physically located in other countries, the actual overhead of encrypting local disc-writing is fairly small, compared to the cost of sending data over ssh pipes to Paris, or Bantry Bay, or wherever.
However, since most of our desktops are XP pro, we still have to buy this as a third party (PGP) add on. It would not suffice for our own needs, but I cannot understand why Bitlocker is still only offered as an 'Enterprise' solution for the top end licenses of the more modern versions of Windows: they are only using a proprietary implementation of 128 bit AES, after all (which is pretty damn weak). It looks, to me, like they are charging the premium price because they can, and not because it costs that much to maintain the code-base being used.
It is regrettable, but true, that while enforcing basic levels of encryption requires the addition of free or paid for third party tools, many companies will just continue to not-bother doing so. Even a free implementation of 128 encryption, shipped as standard, would be better than nothing. FileVault ships for free on all versions of OS X - even if it will only encrypt the user's home folder.
Exactly my question. I know that even if it's encrypted or not, you should still let the ICO know. I think this could be advertising from the company doing the FOI.
Probably find (as david has already said) that the ones fessing up have already encrypted it.. those that haven't won't.
@AC "Solution" - Sometimes even the Head of IT can't get the Board to give them the money to do the encryption. Even though they are responsible, I would suggest making it explicitly clear when asking for the funding that the Head of IT (or most senior IT person) goes on record stating the importance of encryption. Don't be so cavalier-like.
On a final note - any "Whiner" saying that their org hasn't got encryption, should probably address it with their senior management. Hell, isn't there a Whistle-blowers policy in the Public Sector??
Black Hueys - because I have a controversial view on this...
It's not difficult
luksformat -t ext4 /dev/sda1
CDs/USB sticks will always be lost as they are small, but there is no excuse for no encryption.
part of the plan
I fear anonymous coward is right. Watch the shadows on the wall if you want to see what is happening.
Here's some scurvy tricks to look out for:
1. rather than do something dodgy, appoint someone with a propensity for said dodginess.
2. folk who yell out when it doesn't go their way and keep their mouth shut when it does; you can try this at home:
If you're playing dice and someone gets a good throw, but it bumps off something before it stops, insist that they throw it again. If they get a poor throw, keep your mouth shut however much it bumped.
Once your puppet has been rumbled, replace him
Mix 1 and 2 together. Find loudmouths of various opinions, and when something happens you don't like, just help the appropriate loudmouth to a more visible platform and then bow to that particular public opinion.
3. Give authority to any sincere minion as long as they serve your purpose; use one of the myriad of laws they must be breaking (who doesn't) against them when they fail to please.
4. Maintain the idea that national politics is the platform through which change is gained.
The truth is, as we have a mostly stable society we don't actually need a very active government, for once in history we can manage ourselves - therefore expect instability to preserve our dependence.
Release ALL personal info NOW
Avoid the rush!
Make it all available...now.
What could possibly go wrong?
That shit costs money. We can just report the loss to the ICO and then we're fine and our ass is covered. The reason so many people are reporting data loss is because there are no repercussions so it's stupid not to.
Oh FFS this is crazy...
We are leaking information like a Sieve! The politicians work bloody hard to protect their own information like their expenses data from leaking for years, even after freedom of information requests, (and it's our money they were taking!), meanwhile they continue to leak our data in all directions exactly like they don't care about us.
So the big people get their information protected meanwhile all us little people are wide open to exploitation from all our leaked information. So maybe a Sieve is a very good analogy, because it catches the big stuff and leaks everything else.
I was only saying yesterday that it's starting to look like the UK will be the first country in the world to offer total open source intelligence on its entire population! :(
I'm sure most of these leaks are incompetence (I hope), but I do wonder if some could be paid for leaks? ... Oops lost memory stick or even a laptop on a train ... and got 10k in an envelope as compensation! ... thank you very much stranger. It would be cheap for crooks to use this method to get access to so much data. (Cheaper than hiring a team of hackers). (Plus how many just copy the memory sticks and don't even lose them). Corrupt companies, Spies, Spam & Identity Fraud people must be loving the UK. "Lose" whatever you like, no problem. Meanwhile our greedy rich control freak elite can sleep safely knowing all their double dealings are buried under many layers of protection backed up with criminal laws to burn anyone who dares to leak their data. Yet as usual, they remain ignorant of our ever growing anger at them all. The whole bloody lot of them keep showing they are corrupt and incompetent.
You can also create an AES 256 bit encrypted disk image (DMG) file on OSX. Kind of like an OSX TrueCrypt without the more useful functionality. Handy all the same though.
Can it be blamed on NuLabour?
I have to wonder if NuLabour's love of quangos has something to do with this. Every time a new quango is erected, it needs an IT department, and there simply aren't enough good IT people to fill all the slots Britain already has. Hence IT positions in quangos (and other tentacles of government) tend to be occupied by second-rate people for whom the words "encryption" and "security" might as well be in a foreign language.
I also wonder if the prevalence of the faux-credential MCSE has something to do with incompetents being hired by stupid HR departments.
"Hence IT positions in quangos (and other tentacles of government) tend to be occupied by second-rate people for whom the words "encryption" and "security" might as well be in a foreign language"
Really?? Which Quangos? Most have better encryption and security than Private sector (who wait for a loss to happen and (as The Vociferous Time Waster says) then pay the fine). In my experience, it's some of the BEST candidates, but they are governed by red tape and other such confines.
Name the Quangos that you speak of, go on... In fact, do an FOI and see for yourself..