By Tom Espiner | The Liberal Democrats have taken the government to task following this week’s round of high-profile official data losses, suggesting the breaches show the government could not safely administer an ID card database.
The revelation on Tuesday of the loss of a personal computer from cabinet minister Hazel Blears’s Salford office, coupled with two instances of civil servants leaving top-secret documents on trains from Waterloo this week, calls into question the government’s ability to look after sensitive data, according to the Liberal Democrat shadow home secretary, Chris Huhne.
Huhne said the proposed National Identity Register behind the ID cards scheme could not be adequately administrated by the government.
“Three significant data losses in the space of a week have demonstrated just how lax this government’s attitude is towards data-security issues,” Huhne told ZDNet.co.uk on Wednesday. “Given that ministers continue to lurch from one data fiasco to another, it is hard to believe that they can be trusted with something as large and as invasive as the proposed National Identity Register.”
However, the Home Office claimed data controls for the National Identity Register (NIR) will prevent information leaks.
A Home Office spokesperson said: “We understand public concern about security of personal data and one of the most important benefits of the scheme will be to improve the individual’s protection against fraudulent use of personal information. The link between your unique biometric information and limited data identity held will make it incredibly difficult for anyone to try to use your personal information fraudulently.”
“IPS will make the register as secure as possible, building on an excellent track record with the current passport database, which has 80 million records,” the Home Office’s spokesperson added. “The level of security classification will match some military databases.”
Blears had a personal computer stolen from her constituency office in Salford on Saturday. A spokesperson for the department of communities and local government, which Blears heads, said on Tuesday that while the PC contained “some restricted information” the data on it was not top-secret.
However, it emerged on Tuesday that the restricted documents on the stolen PC had been sent to Blears in an apparent contravention of government practice. Communities and local government permanent secretary Peter Housden said: “It is clear that papers have been sent to Hazel Blears in a way that is not fully consistent with the departmental guidance. I have instructed my officials that departmental procedures, guidance, and the awareness and accessibility of that guidance, are now strengthened to ensure this does not happen again. I take full responsibility for ensuring this is done.”
The Conservative Party called for the issue of the data loss from the department of communities and local government to be discussed in Parliament, and for the government to clarify what had occurred.
“The news that a government minister may have been directly responsible for the loss of data relating to extremism is extremely alarming,” said shadow home secretary Dominic Grieve. “It comes after a series of security breaches over which government appears not to have regained control. The government must urgently clarify what happened in this case. If Hazel Blears has breached security rules in relation to material she has handled, Parliament must be told exactly how and why this has occurred.”
Security vendors pointed out that password protection is easy to crack, and recommended that all organisations encrypt sensitive data.
“Once again this drives home the real risks of data losses and the impact these can have, even when you think the data is secure,” said Nick Lowe, Check Point’s regional director for Northern Europe. “It’s vital to go the extra mile and secure data not just with lock and key, but by cryptography.”