Stop using USB sticks to move kids' data, auditor tells Education Dept The Department for Education (DfE) needs to improve the way it handles the personal sensitive information of 20 million records contained in its National Pupil Database, according to the Government Internal Audit Agency (GIAA). The findings were revealed in the department's annual accounts for 2014/15, which were published …
FTFY. This was SOP not so long ago. And rivet the case shut, too. Repeat offenders to be issued with machines that have a solid blob of epoxy where the USB connectors were.
You don't need spare USB ports on a corporate/government machine. Peripherals should be shared per office, installs done from approved images over PXE and input devices should be permanently attached and only removable by a technician. Sort your physical security first, always. Then layer on the software and wetware policies.
Briefcases are just as easily left on public transport, although these days are likely to be subject to a controlled explosion. Still, that would be better data sanitation than just binning a usb drive too small to be useful.
Large file transfers are technically still possible
There seems to be a plan to record each child's internet browsing at school and home.
I'm not sure how the "at home" bit works as they don't specify, but I'm pretty sure it wasn't unintentional.
It doesn't sound good. Their web history can't be entrusted to an organisation who gives away their school record to practically anyone. Getting their web history on their own devices or at home is a step too far.
I like USB sticks for moving data securely. The number of people who could potentially breach a server is in the billions, the number with physical access to my USB stick much smaller.
At work our servers have been successfully hacked by the Chinese government, the Russian government and the Syrian government (and probably more that I'm unaware of). Nobody has ever got my USB stick, and if they did they'd to figure out how to reassemble the deleted blocks.
Whilst the use of USB sticks may be causing problems, the article does not give a single instance where the use of USB sticks is linked to the fundamental data privacy and protection issue raised, namely:
"Jen Persson, coordinator of children’s privacy group defenddigitalme said: “The DfE freely gives out 20 million children’s confidential personal data directly to unaccredited third parties without the consent of parents or pupils. Parents must be told who has their children’s personal data, and why." "
What is the DPO doing? As this is a clear breech of the DPA.
Exactly.
I was under the impression that the data was not given freelly as in "for no money" for commercial use by companies, rather that it was "freely" available at a not insignificant price. So, to all those Tory voters who love privatisation, congratulations, your kids have just been privatised!
Think this ia a little over the top? Imagine that your kid goes through a tricky adolescence which results in exclusion, or poor test results for a while. Would you like all that information sitting on the databases of every major employer and recruitment agency in the country for the rest of their life?
Let alone the consequences that will inevitably happen after the one leak required to ensure it's all out in the wild for anyone to see for ever more.
Now do you start to see why privacy matters and this government policy is outrageously stupid?
the consequences that will inevitably happen
Availability and (mis)use of data in the National Pupil Database itself is only part of the problem. Features of the RYOGENS programme also seem to be being implemented, although we hear very little about these aspects. It's not hard to wonder whether this will lead to greater stigmatisation of a proportion young people and the creation of an underclass, rather than the reduction in crime claimed by proponents from both sides of the political spectrum for what amounts to computerised surveillance.
http://www.fipr.org/childrens_databases.pdf
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
