Over-use of secrecy leads to bullethole in foot?
I disagree. Even if secrecy were not involved and this was all unclassified data, there's still no excuse in losing it. The point is, data (of all types) is continually being lost. Losing Top Secret data is pretty bad, but then so is losing unclassified information. Unclassified information could potentially become Top Secret once it's been classified, but point is, something in the department is broken and staff are unknowingly putting data at risk. USB sticks and PDAs are in common use in the MoD, namely because the desktop/email systems are too locked down and staff's own home PCs or PDAs get the job done quicker. Staff don't realise they are breaking the law.
The good news (I hope) is that the MoD will be unearthing more of these events as it undertakes their action plan in response to the Burton review of April 2008. The bad news is that the press will now run riot over anything the MoD subsequently releases and forums will go wild...
MoD's response and action plan here:
Line #15 in the Burton Review says it all:
"15. Outside MOD HQ, with a few notable exceptions, there is very limited understanding of the Department’s obligations under the Data Protection Act."
"31 a. Too large and unwieldy. JSP 440, the Department’s chief document on security, runs to hundreds of pages. System and Security Operating procedures are commonly 90-100 pages. The language used is often specialist and impenetrable to lay readers."
Something VERY definitve and conclusive is being done about data protection issues by the MoD. The MoD now have a Head of Data Protection and Information Assurance (as of January 2008).
I know it's too much, too little and probably too late, but I fully support the actions of the MoD in resolving this problem. Just wish they could do it a little quicker... :)