Advertisement
Promo

Security threats Toolkit

Data Breaches

MoD announces data-protection action plan

Kablenet.com

Published: 25 Jun 2008 16:56 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

The Ministry of Defence has published an 'action plan' to implement all the recommendations of an official review of its data security.

The comprehensive plan sets out how the Ministry of Defence (MoD) intends to meet the 51 recommendations made in a report by Sir Edmund Burton, chair of the Information Assurance Advisory Council.

The report was commissioned after the ministry lost laptops containing the personal details of individuals who had expressed interest in joining the armed services.

Key changes at the MoD include ensuring:

  • An enforced policy exists on the sharing of personal data outside the MoD
  • Only qualified users are authorised to handle personal data
  • All instances of the loss of laptops and other IT equipment are reported and acted upon
  • The ministry and its IT contractors understand record management and the consequences of failure
  • Implementation of a data-retention policy that complies strictly with the Data Protection Act
  • Transparent responsibilities for personal data management
  • New system security procedures, followed through by audits
  • The ministry retains only the minimum amount of information necessary to carry out its work
  • Potential risks to information are regularly reviewed by executive boards and audit committees, and as part of capability reviews and Office of Government Commerce 'gateway reviews'

Bill Jeffrey, permanent undersecretary at the ministry, said: "We deeply regret the losses of personal data. We have identified weaknesses within parts of the MoD that led to this situation and I am confident that we are taking the necessary steps to address them."

Read this

Feature
Keep mobile data from going walkabout

Mobile email is no longer the preserve of upper management but providing access to company information on the go has its risks...

Read more +

Burton was asked to carry out a full investigation after the theft of a Royal Navy recruiter's laptop in Birmingham on 9 January this year. The laptop contained unencrypted personal records for more than 600,000 people. He was also asked to examine the ministry's broader approach to data protection.

Burton's investigations revealed that this was one of four laptops to have been stolen since 2004. All had been taken from parked cars. The report states that only the recent theft appears to have led to disciplinary proceedings.

Although the MoD's security instructions for the safekeeping of laptops were clear in prohibiting them from being left in unattended vehicles, they did not dictate that the data must be encrypted.

"The effective management of information risks must engage every user — military and civilian — across the department, and within our community of commercial suppliers," the report states.

The report also identifies a shortage of IT expertise across government and its private-sector contractors, posing a significant risk to the MoD.

Burton's report was passed to the ministry on 30 April and made public on Wednesday.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment
Data Breaches

Did you find this article useful?
2 out of 2 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



More in this Special Report

The top five internal security threats

The top five internal security threats

It's widely known that internal staff are the biggest threat to IT security, but what specifically should an employer watch out for? more

Keeping mobile data from going walkabout

Keeping mobile data from going walkabout

Mobile email is no longer the preserve of upper management but providing access to company information on the go has its risks more

Lib Dems call for data guardians

Lib Dems call for data guardians

The Liberal Democrats are seeking the introduction of data guardians into the public and private sector, to protect citizens' information rights more

Worker suspended over loss of prisoner data

Worker suspended over loss of prisoner data

An employee at Home Office contractor PA Consulting has been suspended after the loss of a memory stick holding the unencrypted details of every prisoner in England and Wales more

Ministry of Justice reports nine data breaches

Ministry of Justice reports nine data breaches

The ministry reported the data breaches, affecting around 45,000 people, to the Information Commissioner's Office in the last financial year more

Foreign Office reports five data breaches since 2007

Foreign Office reports five data breaches since 2007

The data breaches at the Foreign and Commonwealth Office are thought to have affected less than 188 people in total more

ICO: Gov't ignoring data-sharing hazards

ICO: Gov't ignoring data-sharing hazards

The government is blindly pursuing data-sharing plans without heeding the potential pitfalls, information commissioner Richard Thomas has claimed more

Lords presses government for data-breach law

Lords presses government for data-breach law

The House of Lords has again urged the government to introduce a data-breach notification law, adding that banks should be liable for e-fraud losses more

Video: Get the most out of your data

Video: Get the most out of your data

How do companies deal with information management? Jonathan Steel, CEO of tech-research firm The Bathwick Group, gives insights based on a recent ZDNet.co.uk benchmark survey more

Justice minister urges overhaul of gov't data handling

Justice minister urges overhaul of gov't data handling

Michael Wills has called for the government to handle data transactions as carefully as financial transactions more

MoD announces data-protection action plan

MoD announces data-protection action plan

The ministry has published a plan of how it intends to meet 51 data-policy recommendations made as part of review into the loss of MoD laptops more

Systemic failure blamed for HMRC data loss

Systemic failure blamed for HMRC data loss

Two reports have found the loss by HMRC of 25 million child-benefit claimant details was 'entirely avoidable' more

Featured Oracle Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

See All White Papers

Company/Topic Alerts

Create a new alert from the list below:






Related Jobs

Supportability Engineer/ILS Engineer

Senior Commercial Manager

Software Engineer/Developer

Related BlackBerry Resources

Human Resources Management eBook

Supply Chain Management eBook

Design and Innovation Report

Economist Intelligence Unit Report - Technology and growth at mid-sized companies

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Met will not reopen phone hack investi...

The Metropolitan Police will not reopen its investigation into alleged phone hacking by the News of the World. In a press statement delivered outside Scotland Yard on Thursday, Assistant... More

Post a comment

FUD over ChromeOS's security already?

It hasn't taken long for the security vendors to wake to the potential of Google's new ChromeOS. The potential that is, to create FUD – fear uncertainty and doubt. In a release today,... More

Post a comment

Feds take DDoS in their stride

The US Department of Homeland Security has said that a series of distributed denial-of-service attacks began on US government networks on 4 July. However, Amy Kudwa, deputy press... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters